support GPT-5-Codex in CLI

Co-authored-by: openhands <openhands@all-hands.dev>

.github/scripts/update_pr_description.sh

@@ -18,7 +18,7 @@ DOCKER_RUN_COMMAND="docker run -it --rm \
   docker.all-hands.dev/all-hands-ai/openhands:${SHORT_SHA}"
 
 # Define the uvx command
-UVX_RUN_COMMAND="uvx --python 3.12 --from git+https://github.com/All-Hands-AI/OpenHands@${BRANCH_NAME} openhands"
+UVX_RUN_COMMAND="uvx --python 3.12 --from git+https://github.com/All-Hands-AI/OpenHands@${BRANCH_NAME}#subdirectory=openhands-cli openhands"
 
 # Get the current PR body
 PR_BODY=$(gh pr view "$PR_NUMBER" --json body --jq .body)

.github/workflow-templates/README.md

@@ -1,123 +0,0 @@
-# OpenHands GitHub Actions Workflow Templates
-
-This directory contains workflow templates that make it easy to integrate OpenHands AI agent into your GitHub CI/CD workflows.
-
-## Available Templates
-
-### 1. OpenHands Code Review (`openhands-code-review.yml`)
-Automatically reviews pull requests for code quality, security, and best practices.
-
-**Triggers:** Pull request opened or updated
-**Permissions:** `contents: read`, `pull-requests: write`, `issues: write`
-
-### 2. OpenHands Bug Fix (`openhands-bug-fix.yml`)
-Automatically investigates and fixes bugs when issues are labeled with 'bug'.
-
-**Triggers:** Issue labeled with 'bug'
-**Permissions:** `contents: write`, `pull-requests: write`, `issues: write`
-
-### 3. OpenHands Documentation (`openhands-documentation.yml`)
-Keeps project documentation up-to-date by reviewing code changes and updating docs.
-
-**Triggers:** Weekly schedule, manual dispatch, or code changes
-**Permissions:** `contents: write`, `pull-requests: write`
-
-### 4. OpenHands Custom Task (`openhands-custom-task.yml`)
-Run any custom development task with a manual trigger and custom description.
-
-**Triggers:** Manual dispatch with task description input
-**Permissions:** `contents: write`, `pull-requests: write`, `issues: write`
-
-## Setup Instructions
-
-### Prerequisites
-
-1. **OpenHands API Key**: Get your API key from [OpenHands](https://app.all-hands.dev)
-2. **GitHub Repository**: The templates work with any GitHub repository
-
-### Installation
-
-1. **Add API Key Secret**:
-   - Go to your repository's Settings → Secrets and variables → Actions
-   - Add a new repository secret named `OPENHANDS_API_KEY`
-   - Set the value to your OpenHands API key
-
-2. **Use Templates**:
-   - Go to your repository's Actions tab
-   - Click "New workflow"
-   - Look for "OpenHands" templates in the template gallery
-   - Choose the template that fits your needs
-   - Customize as needed and commit
-
-### Customization
-
-All templates can be customized:
-
-- **Prompts**: Modify the task descriptions to fit your specific needs
-- **Triggers**: Change when workflows run (schedule, events, manual)
-- **Timeouts**: Adjust polling timeouts based on task complexity
-- **Permissions**: Modify based on what actions OpenHands needs to perform
-
-### Example Customizations
-
-#### Custom Review Criteria
-```yaml
-prompt = '''Please review this pull request focusing on:
-- Performance optimization opportunities
-- Database query efficiency
-- API design consistency
-- Error handling completeness
-'''
-```
-
-#### Specific Documentation Updates
-```yaml
-prompt = '''Update the following documentation:
-1. API reference in docs/api.md
-2. Installation guide in README.md
-3. Code examples in docs/examples/
-'''
-```
-
-## How It Works
-
-1. **Workflow Trigger**: GitHub event triggers the workflow
-2. **Setup**: Installs Python and downloads the OpenHands API helper
-3. **API Call**: Creates a conversation with OpenHands using your prompt
-4. **Execution**: OpenHands performs the requested task in your repository
-5. **Results**: OpenHands may create PRs, comments, or other outputs
-
-## Security Considerations
-
-- **API Key**: Keep your `OPENHANDS_API_KEY` secret secure
-- **Permissions**: Templates request minimal required permissions
-- **Repository Access**: OpenHands will have access to your repository during task execution
-- **Review Changes**: Always review any PRs or changes made by OpenHands
-
-## Troubleshooting
-
-### Common Issues
-
-1. **Missing API Key**: Ensure `OPENHANDS_API_KEY` is set in repository secrets
-2. **Permission Errors**: Check that workflow permissions match template requirements
-3. **Timeout Issues**: Increase timeout values for complex tasks
-4. **Rate Limits**: OpenHands API has rate limits; space out workflow runs if needed
-
-### Getting Help
-
-- Check the [OpenHands Documentation](https://docs.all-hands.dev)
-- Review workflow run logs for detailed error messages
-- Ensure your repository is accessible and has the necessary permissions
-
-## Contributing
-
-To improve these templates:
-
-1. Test changes thoroughly
-2. Update documentation
-3. Follow GitHub Actions best practices
-4. Consider security implications
-
-## License
-
-These templates are provided under the same license as the OpenHands project.

.github/workflow-templates/openhands-bug-fix.properties.json

@@ -1,23 +0,0 @@
-{
-  "name": "OpenHands Bug Fix",
-  "description": "Automatically investigate and fix bugs using OpenHands AI agent. Triggered when issues are labeled with 'bug'.",
-  "iconName": "octicon bug",
-  "categories": [
-    "Bug Fix",
-    "AI",
-    "Automation",
-    "Debugging"
-  ],
-  "filePatterns": [
-    ".*\\.py$",
-    ".*\\.js$",
-    ".*\\.ts$",
-    ".*\\.jsx$",
-    ".*\\.tsx$",
-    ".*\\.java$",
-    ".*\\.go$",
-    ".*\\.rs$",
-    ".*\\.cpp$",
-    ".*\\.c$"
-  ]
-}

.github/workflow-templates/openhands-bug-fix.yml

@@ -1,76 +0,0 @@
-name: OpenHands Bug Fix
-
-on:
-  issues:
-    types: [labeled]
-
-jobs:
-  openhands-fix:
-    if: contains(github.event.label.name, 'bug')
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install OpenHands API helper
-        run: |
-          curl -O https://raw.githubusercontent.com/All-Hands-AI/OpenHands/main/scripts/openhands_api.py
-          python -m pip install --upgrade pip
-          pip install requests
-
-      - name: Run OpenHands Bug Fix
-        env:
-          OPENHANDS_API_KEY: ${{ secrets.OPENHANDS_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          python -c "
-          import sys
-          sys.path.append('.')
-          from openhands_api import OpenHandsAPI
-
-          # Create bug fix prompt
-          prompt = '''Please investigate and fix the bug described in this GitHub issue:
-
-          Repository: ${{ github.repository }}
-          Issue: #${{ github.event.issue.number }}
-          Title: ${{ github.event.issue.title }}
-
-          Issue Description:
-          ${{ github.event.issue.body }}
-
-          Please:
-          1. Analyze the issue and identify the root cause
-          2. Implement a fix with proper error handling
-          3. Add or update tests to prevent regression
-          4. Create a pull request with your changes
-          5. Include a clear description of what was fixed and how
-
-          Make sure to follow the project'\''s coding standards and best practices.
-          '''
-
-          # Start OpenHands conversation
-          client = OpenHandsAPI()
-          response = client.create_conversation(
-              initial_user_msg=prompt,
-              repository='${{ github.repository }}'
-          )
-
-          print(f'Started OpenHands bug fix: {response.get(\"conversation_id\", \"Unknown\")}')
-
-          # Poll for completion (optional - remove if you want fire-and-forget)
-          try:
-              final_response = client.poll_until_stopped(response['conversation_id'], timeout=1200)
-              print(f'Bug fix completed with status: {final_response.get(\"status\", \"Unknown\")}')
-          except Exception as e:
-              print(f'Bug fix may still be running: {e}')
-          "

.github/workflow-templates/openhands-code-review.properties.json

@@ -1,25 +0,0 @@
-{
-  "name": "OpenHands Code Review",
-  "description": "Automated code review using OpenHands AI agent. Reviews PRs for code quality, security, and best practices.",
-  "iconName": "octicon code-review",
-  "categories": [
-    "Code Quality",
-    "AI",
-    "Automation",
-    "Python",
-    "JavaScript",
-    "TypeScript"
-  ],
-  "filePatterns": [
-    ".*\\.py$",
-    ".*\\.js$",
-    ".*\\.ts$",
-    ".*\\.jsx$",
-    ".*\\.tsx$",
-    ".*\\.java$",
-    ".*\\.go$",
-    ".*\\.rs$",
-    ".*\\.cpp$",
-    ".*\\.c$"
-  ]
-}

.github/workflow-templates/openhands-code-review.yml

@@ -1,71 +0,0 @@
-name: OpenHands Code Review
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-
-jobs:
-  openhands-review:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-      issues: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install OpenHands API helper
-        run: |
-          curl -O https://raw.githubusercontent.com/All-Hands-AI/OpenHands/main/scripts/openhands_api.py
-          python -m pip install --upgrade pip
-          pip install requests
-
-      - name: Run OpenHands Code Review
-        env:
-          OPENHANDS_API_KEY: ${{ secrets.OPENHANDS_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          python -c "
-          import sys
-          sys.path.append('.')
-          from openhands_api import OpenHandsAPI
-
-          # Create review prompt
-          prompt = '''Please review this pull request for:
-          - Code quality and best practices
-          - Security vulnerabilities
-          - Performance considerations
-          - Documentation completeness
-          - Test coverage
-
-          Repository: ${{ github.repository }}
-          PR: #${{ github.event.number }}
-          Title: ${{ github.event.pull_request.title }}
-
-          Please provide constructive feedback and suggestions for improvement.
-          If you find any issues, please create a detailed comment explaining the problem and suggesting solutions.
-          '''
-
-          # Start OpenHands conversation
-          client = OpenHandsAPI()
-          response = client.create_conversation(
-              initial_user_msg=prompt,
-              repository='${{ github.repository }}'
-          )
-
-          print(f'Started OpenHands review: {response.get(\"conversation_id\", \"Unknown\")}')
-
-          # Poll for completion (optional - remove if you want fire-and-forget)
-          try:
-              final_response = client.poll_until_stopped(response['conversation_id'], timeout=600)
-              print(f'Review completed with status: {final_response.get(\"status\", \"Unknown\")}')
-          except Exception as e:
-              print(f'Review may still be running: {e}')
-          "

.github/workflow-templates/openhands-custom-task.properties.json

@@ -1,14 +0,0 @@
-{
-  "name": "OpenHands Custom Task",
-  "description": "Run any custom development task using OpenHands AI agent. Manually triggered with custom task description.",
-  "iconName": "octicon tools",
-  "categories": [
-    "AI",
-    "Automation",
-    "Custom",
-    "Development"
-  ],
-  "filePatterns": [
-    ".*"
-  ]
-}

.github/workflow-templates/openhands-custom-task.yml

@@ -1,78 +0,0 @@
-name: OpenHands Custom Task
-
-on:
-  workflow_dispatch:
-    inputs:
-      task_description:
-        description: 'Describe the task you want OpenHands to perform'
-        required: true
-        type: string
-      timeout_minutes:
-        description: 'Timeout in minutes (default: 20)'
-        required: false
-        default: '20'
-        type: string
-
-jobs:
-  openhands-task:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install OpenHands API helper
-        run: |
-          curl -O https://raw.githubusercontent.com/All-Hands-AI/OpenHands/main/scripts/openhands_api.py
-          python -m pip install --upgrade pip
-          pip install requests
-
-      - name: Run OpenHands Custom Task
-        env:
-          OPENHANDS_API_KEY: ${{ secrets.OPENHANDS_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          python -c "
-          import sys
-          sys.path.append('.')
-          from openhands_api import OpenHandsAPI
-
-          # Create custom task prompt
-          prompt = '''${{ github.event.inputs.task_description }}
-
-          Repository: ${{ github.repository }}
-
-          Please complete this task following best practices:
-          - Write clean, well-documented code
-          - Add appropriate tests if needed
-          - Follow the project'\''s coding standards
-          - Create a pull request if changes are made
-          - Provide clear explanations of what was done
-          '''
-
-          # Start OpenHands conversation
-          client = OpenHandsAPI()
-          response = client.create_conversation(
-              initial_user_msg=prompt,
-              repository='${{ github.repository }}'
-          )
-
-          print(f'Started OpenHands custom task: {response.get(\"conversation_id\", \"Unknown\")}')
-
-          # Poll for completion
-          timeout_seconds = int('${{ github.event.inputs.timeout_minutes }}') * 60
-          try:
-              final_response = client.poll_until_stopped(response['conversation_id'], timeout=timeout_seconds)
-              print(f'Custom task completed with status: {final_response.get(\"status\", \"Unknown\")}')
-          except Exception as e:
-              print(f'Custom task may still be running or timed out: {e}')
-          "

.github/workflow-templates/openhands-documentation.properties.json

@@ -1,19 +0,0 @@
-{
-  "name": "OpenHands Documentation",
-  "description": "Automatically update and maintain project documentation using OpenHands AI agent. Runs weekly and on code changes.",
-  "iconName": "octicon book",
-  "categories": [
-    "Documentation",
-    "AI",
-    "Automation",
-    "Maintenance"
-  ],
-  "filePatterns": [
-    "README.md$",
-    ".*\\.md$",
-    "docs/.*",
-    ".*\\.py$",
-    ".*\\.js$",
-    ".*\\.ts$"
-  ]
-}

.github/workflow-templates/openhands-documentation.yml

@@ -1,81 +0,0 @@
-name: OpenHands Documentation
-
-on:
-  schedule:
-    - cron: '0 2 * * 1'  # Weekly on Monday at 2 AM UTC
-  workflow_dispatch:
-  push:
-    branches: [ $default-branch ]
-    paths:
-      - 'src/**'
-      - 'lib/**'
-      - '*.py'
-      - '*.js'
-      - '*.ts'
-
-jobs:
-  openhands-docs:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install OpenHands API helper
-        run: |
-          curl -O https://raw.githubusercontent.com/All-Hands-AI/OpenHands/main/scripts/openhands_api.py
-          python -m pip install --upgrade pip
-          pip install requests
-
-      - name: Generate Documentation with OpenHands
-        env:
-          OPENHANDS_API_KEY: ${{ secrets.OPENHANDS_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          python -c "
-          import sys
-          sys.path.append('.')
-          from openhands_api import OpenHandsAPI
-
-          # Create documentation prompt
-          prompt = '''Please review the current codebase and update the project documentation:
-
-          Repository: ${{ github.repository }}
-
-          Tasks:
-          1. Review the README.md and ensure it accurately reflects the current project state
-          2. Update API documentation if there are new endpoints or changes
-          3. Check that code examples in documentation are up-to-date
-          4. Add documentation for any new features or significant changes
-          5. Ensure installation and setup instructions are current
-          6. Update any outdated links or references
-          7. Add or improve code comments where needed
-
-          Please create a pull request with your documentation updates if changes are needed.
-          Focus on clarity, accuracy, and completeness.
-          '''
-
-          # Start OpenHands conversation
-          client = OpenHandsAPI()
-          response = client.create_conversation(
-              initial_user_msg=prompt,
-              repository='${{ github.repository }}'
-          )
-
-          print(f'Started OpenHands documentation update: {response.get(\"conversation_id\", \"Unknown\")}')
-
-          # Poll for completion (optional - remove if you want fire-and-forget)
-          try:
-              final_response = client.poll_until_stopped(response['conversation_id'], timeout=900)
-              print(f'Documentation update completed with status: {final_response.get(\"status\", \"Unknown\")}')
-          except Exception as e:
-              print(f'Documentation update may still be running: {e}')
-          "

.github/workflows/cli-build-test.yml

@@ -0,0 +1,58 @@
+# Workflow that builds and tests the CLI binary executable
+name: CLI - Build and Test Binary
+
+# Run on pushes to main branch and all pull requests, but only when CLI files change
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "openhands-cli/**"
+  pull_request:
+    paths:
+      - "openhands-cli/**"
+
+# Cancel previous runs if a new commit is pushed
+concurrency:
+  group: ${{ github.workflow }}-${{ (github.head_ref && github.ref) || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  build-and-test-binary:
+    name: Build and test binary executable
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.12
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "latest"
+
+      - name: Install dependencies
+        working-directory: openhands-cli
+        run: |
+          uv sync
+
+      - name: Build binary executable
+        working-directory: openhands-cli
+        run: |
+          ./build.sh --install-pyinstaller | tee output.log
+          echo "Full output:"
+          cat output.log
+
+          if grep -q "❌" output.log; then
+            echo "❌ Found failure marker in output"
+            exit 1
+          fi
+
+          echo "✅ Build & test finished without ❌ markers"

.github/workflows/dispatch-to-docs.yml

@@ -0,0 +1,23 @@
+name: Dispatch to docs repo
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'docs/**'
+  workflow_dispatch:
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        repo: ["All-Hands-AI/docs"]
+    steps:
+      - name: Push to docs repo
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.ALLHANDS_BOT_GITHUB_PAT }}
+          repository: ${{ matrix.repo }}
+          event-type: update
+          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "module": "openhands", "branch": "main"}'

.github/workflows/enterprise-preview.yml

@@ -0,0 +1,29 @@
+# Feature branch preview for enterprise code
+name: Enterprise Preview
+
+# Run on PRs labeled
+on:
+  pull_request:
+    types: [labeled]
+
+# Match ghcr-build.yml, but don't interrupt it.
+concurrency:
+  group: ${{ github.workflow }}-${{ (github.head_ref && github.ref) || github.run_id }}
+  cancel-in-progress: false
+
+jobs:
+  # This must happen for the PR Docker workflow when the label is present,
+  # and also if it's added after the fact. Thus, it exists in both places.
+  enterprise-preview:
+    name: Enterprise preview
+    if: github.event.label.name == 'deploy'
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    steps:
+      # This should match the version in ghcr-build.yml
+      - name: Trigger remote job
+        run: |
+          curl --fail-with-body -sS -X POST \
+            -H "Authorization: Bearer ${{ secrets.PAT_TOKEN }}" \
+            -H "Accept: application/vnd.github+json" \
+            -d "{\"ref\": \"main\", \"inputs\": {\"openhandsPrNumber\": \"${{ github.event.pull_request.number }}\", \"deployEnvironment\": \"feature\", \"enterpriseImageTag\": \"pr-${{ github.event.pull_request.number }}\" }}" \
+            https://api.github.com/repos/All-Hands-AI/deploy/actions/workflows/deploy.yaml/dispatches

.github/workflows/ghcr-build.yml

@@ -46,6 +46,7 @@ jobs:
           else
             json=$(jq -n -c '[
                 { image: "nikolaik/python-nodejs:python3.12-nodejs22", tag: "nikolaik" },
+                { image: "ghcr.io/all-hands-ai/python-nodejs:python3.13-nodejs22-trixie", tag: "trixie" },
                 { image: "ubuntu:24.04", tag: "ubuntu" }
               ]')
           fi
@@ -136,6 +137,7 @@ jobs:
         if: github.event.pull_request.head.repo.fork != true
         shell: bash
         run: |
+
           ./containers/build.sh -i runtime -o ${{ env.REPO_OWNER }} -t ${{ matrix.base_image.tag }} --dry
 
           DOCKER_BUILD_JSON=$(jq -c . < docker-build-dry.json)
@@ -176,8 +178,10 @@ jobs:
     # Do not build enterprise in forks
     if: github.event.pull_request.head.repo.fork != true
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       # Set up Docker Buildx for better performance
       - name: Set up Docker Buildx
@@ -209,6 +213,8 @@ jobs:
             latest=auto
             prefix=
             suffix=
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: true
       - name: Determine app image tag
         shell: bash
         run: |
@@ -235,12 +241,11 @@ jobs:
 
   enterprise-preview:
     name: Enterprise preview
-    if: |
-      (github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'deploy') ||
-      (github.event_name == 'pull_request' && github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'deploy'))
+    if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')
     runs-on: blacksmith-4vcpu-ubuntu-2204
     needs: [ghcr_build_enterprise]
     steps:
+      # This should match the version in enterprise-preview.yml
       - name: Trigger remote job
         run: |
           curl --fail-with-body -sS -X POST \

.github/workflows/lint.yml

@@ -73,6 +73,24 @@ jobs:
         working-directory: ./enterprise
         run: pre-commit run --all-files --config ./dev_config/python/.pre-commit-config.yaml
 
+  lint-cli-python:
+    name: Lint CLI python
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up python
+        uses: useblacksmith/setup-python@v6
+        with:
+          python-version: 3.12
+          cache: "pip"
+      - name: Install pre-commit
+        run: pip install pre-commit==4.2.0
+      - name: Run pre-commit hooks
+        working-directory: ./openhands-cli
+        run: pre-commit run --all-files --config ./dev_config/python/.pre-commit-config.yaml
+
   # Check version consistency across documentation
   check-version-consistency:
     name: Check version consistency

.github/workflows/mdx-lint.yml

@@ -0,0 +1,70 @@
+# Workflow that checks MDX format in docs/ folder
+name: MDX Lint
+
+# Run on pushes to main and on pull requests that modify docs/ files
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'docs/**/*.mdx'
+  pull_request:
+    paths:
+      - 'docs/**/*.mdx'
+
+# If triggered by a PR, it will be in the same group. However, each commit on main will be in its own unique group
+concurrency:
+  group: ${{ github.workflow }}-${{ (github.head_ref && github.ref) || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  mdx-lint:
+    name: Lint MDX files
+    runs-on: blacksmith-4vcpu-ubuntu-2204
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node.js 22
+        uses: useblacksmith/setup-node@v5
+        with:
+          node-version: 22
+
+      - name: Install MDX dependencies
+        run: |
+          npm install @mdx-js/mdx@3 glob@10
+
+      - name: Validate MDX files
+        run: |
+          node -e "
+          const {compile} = require('@mdx-js/mdx');
+          const fs = require('fs');
+          const path = require('path');
+          const glob = require('glob');
+
+          async function validateMDXFiles() {
+            const files = glob.sync('docs/**/*.mdx');
+            console.log('Found', files.length, 'MDX files to validate');
+
+            let hasErrors = false;
+
+            for (const file of files) {
+              try {
+                const content = fs.readFileSync(file, 'utf8');
+                await compile(content);
+                console.log('✅ MDX parsing successful for', file);
+              } catch (err) {
+                console.error('❌ MDX parsing failed for', file, ':', err.message);
+                hasErrors = true;
+              }
+            }
+
+            if (hasErrors) {
+              console.error('\\n❌ Some MDX files have parsing errors. Please fix them before merging.');
+              process.exit(1);
+            } else {
+              console.log('\\n✅ All MDX files are valid!');
+            }
+          }
+
+          validateMDXFiles();
+          "

.github/workflows/py-tests.yml

@@ -19,12 +19,16 @@ jobs:
   # Run python tests on Linux
   test-on-linux:
     name: Python Tests on Linux
-    runs-on: blacksmith-4vcpu-ubuntu-2204
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     env:
       INSTALL_DOCKER: "0" # Set to '0' to skip Docker installation
     strategy:
       matrix:
         python-version: ["3.12"]
+    permissions:
+      # For coverage comment and python-coverage-comment-action branch
+      pull-requests: write
+      contents: write
     steps:
       - uses: actions/checkout@v4
       - name: Set up Docker Buildx
@@ -48,10 +52,21 @@ jobs:
       - name: Build Environment
         run: make build
       - name: Run Unit Tests
-        run: PYTHONPATH=".:$PYTHONPATH" poetry run pytest --forked -n auto -svv ./tests/unit
+        run: PYTHONPATH=".:$PYTHONPATH" poetry run pytest --forked -n auto -s ./tests/unit --cov=openhands --cov-branch
+        env:
+          COVERAGE_FILE: ".coverage.${{ matrix.python_version }}"
       - name: Run Runtime Tests with CLIRuntime
-        run: PYTHONPATH=".:$PYTHONPATH" TEST_RUNTIME=cli poetry run pytest -svv tests/runtime/test_bash.py
-
+        run: PYTHONPATH=".:$PYTHONPATH" TEST_RUNTIME=cli poetry run pytest -s tests/runtime/test_bash.py --cov=openhands --cov-branch
+        env:
+          COVERAGE_FILE: ".coverage.runtime.${{ matrix.python_version }}"
+      - name: Store coverage file
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-openhands
+          path: |
+            .coverage.${{ matrix.python_version }}
+            .coverage.runtime.${{ matrix.python_version }}
+          include-hidden-files: true
   # Run specific Windows python tests
   test-on-windows:
     name: Python Tests on Windows
@@ -85,7 +100,7 @@ jobs:
           DEBUG: "1"
   test-enterprise:
     name: Enterprise Python Unit Tests
-    runs-on: blacksmith-4vcpu-ubuntu-2204
+    runs-on: blacksmith-4vcpu-ubuntu-2404
     strategy:
       matrix:
         python-version: ["3.12"]
@@ -102,5 +117,87 @@ jobs:
         working-directory: ./enterprise
         run: poetry install --with dev,test
       - name: Run Unit Tests
-        working-directory: ./enterprise
-        run: PYTHONPATH=".:$PYTHONPATH" poetry run pytest --forked -n auto -svv -p no:ddtrace -p no:ddtrace.pytest_bdd -p no:ddtrace.pytest_benchmark ./tests/unit
+        # Use base working directory for coverage paths to line up.
+        run: PYTHONPATH=".:$PYTHONPATH" poetry run --project=enterprise pytest --forked -n auto -s -p no:ddtrace -p no:ddtrace.pytest_bdd -p no:ddtrace.pytest_benchmark ./enterprise/tests/unit --cov=enterprise --cov-branch
+        env:
+          COVERAGE_FILE: ".coverage.enterprise.${{ matrix.python_version }}"
+      - name: Store coverage file
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-enterprise
+          path: ".coverage.enterprise.${{ matrix.python_version }}"
+          include-hidden-files: true
+
+  # Run CLI unit tests
+  test-cli-python:
+    name: CLI Unit Tests
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    strategy:
+      matrix:
+        python-version: ["3.12"]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: useblacksmith/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "latest"
+
+      - name: Install dependencies
+        working-directory: ./openhands-cli
+        run: |
+          uv sync --group dev
+
+      - name: Run CLI unit tests
+        working-directory: ./openhands-cli
+        env:
+          # write coverage to repo root so the merge step finds it
+          COVERAGE_FILE: "${{ github.workspace }}/.coverage.openhands-cli.${{ matrix.python-version }}"
+        run: |
+          uv run pytest --forked -n auto -s \
+            -p no:ddtrace -p no:ddtrace.pytest_bdd -p no:ddtrace.pytest_benchmark \
+            tests --cov=openhands_cli --cov-branch
+
+      - name: Store coverage file
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-openhands-cli
+          path: ".coverage.openhands-cli.${{ matrix.python-version }}"
+          include-hidden-files: true
+
+
+  coverage-comment:
+    name: Coverage Comment
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    needs: [test-on-linux, test-enterprise, test-cli-python]
+
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v5
+        id: download
+        with:
+          pattern: coverage-*
+          merge-multiple: true
+
+      - name: Create symlink for CLI source files
+        run: ln -sf openhands-cli/openhands_cli openhands_cli
+
+      - name: Coverage comment
+        id: coverage_comment
+        uses: py-cov-action/python-coverage-comment-action@v3
+        with:
+          GITHUB_TOKEN: ${{ github.token }}
+          MERGE_COVERAGE_FILES: true

.github/workflows/pypi-release.yml

@@ -1,7 +1,7 @@
 # Publishes the OpenHands PyPi package
 name: Publish PyPi Package
 
-# Triggered manually
+
 on:
   workflow_dispatch:
     inputs:
@@ -9,6 +9,9 @@ on:
         description: 'Reason for manual trigger'
         required: true
         default: ''
+  push:
+    tags:
+      - "*"
 
 jobs:
   release:

.github/workflows/stale.yml

@@ -15,8 +15,8 @@ jobs:
           stale-issue-message: 'This issue is stale because it has been open for 40 days with no activity. Remove the stale label or leave a comment, otherwise it will be closed in 10 days.'
           stale-pr-message: 'This PR is stale because it has been open for 40 days with no activity. Remove the stale label or leave a comment, otherwise it will be closed in 10 days.'
           days-before-stale: 40
-          exempt-issue-labels: roadmap,backlog
+          exempt-issue-labels: roadmap,backlog,app-team
           close-issue-message: 'This issue was automatically closed due to 50 days of inactivity. We do this to help keep the issues somewhat manageable and focus on active issues.'
           close-pr-message: 'This PR was closed because it had no activity for 50 days. If you feel this was closed in error, and you would like to continue the PR, please resubmit or let us know.'
           days-before-close: 10
-          operations-per-run: 150
+          operations-per-run: 300

.github/workflows/welcome-good-first-issue.yml

@@ -45,7 +45,7 @@ jobs:
                     "This issue has been labeled as **good first issue**, which means it's a great place to get started with the OpenHands project.\n\n" +
                     "If you're interested in working on it, feel free to! No need to ask for permission.\n\n" +
                     "Be sure to check out our [development setup guide](" + repoUrl + "/blob/main/Development.md) to get your environment set up, and follow our [contribution guidelines](" + repoUrl + "/blob/main/CONTRIBUTING.md) when you're ready to submit a fix.\n\n" +
-                    "Feel free to join our developer community on [Slack](dub.sh/openhands). You can ask for [help](https://openhands-ai.slack.com/archives/C078L0FUGUX), [feedback](https://openhands-ai.slack.com/archives/C086ARSNMGA), and even ask for a [PR review](https://openhands-ai.slack.com/archives/C08D8FJ5771).\n\n" +
+                    "Feel free to join our developer community on [Slack](https://all-hands.dev/joinslack). You can ask for [help](https://openhands-ai.slack.com/archives/C078L0FUGUX), [feedback](https://openhands-ai.slack.com/archives/C086ARSNMGA), and even ask for a [PR review](https://openhands-ai.slack.com/archives/C08D8FJ5771).\n\n" +
                     "🙌 Happy hacking! 🙌\n\n" +
                     "<!-- auto-comment:good-first-issue -->"
             });

.openhands/microagents/repo.md

@@ -87,8 +87,6 @@ VSCode Extension:
 
 If you are starting a pull request (PR), please follow the template in `.github/pull_request_template.md`.
 
-If you need to add labels when opening a PR, check the existing labels defined on that repository and select from existing ones. Do not invent your own labels.
-
 ## Implementation Details
 
 These details may or may not be useful for your current task.

CODE_OF_CONDUCT.md

@@ -113,19 +113,19 @@ individual, or aggression toward or disparagement of classes of individuals.
 **Consequence**: A permanent ban from any sort of public interaction within the
 community.
 
-### Slack and Discord Etiquettes
+### Slack Etiquettes
 
-These Slack and Discord etiquette guidelines are designed to foster an inclusive, respectful, and productive environment for all community members. By following these best practices, we ensure effective communication and collaboration while minimizing disruptions. Let’s work together to build a supportive and welcoming community!
+These Slack etiquette guidelines are designed to foster an inclusive, respectful, and productive environment for all community members. By following these best practices, we ensure effective communication and collaboration while minimizing disruptions. Let’s work together to build a supportive and welcoming community!
 
 - Communicate respectfully and professionally, avoiding sarcasm or harsh language, and remember that tone can be difficult to interpret in text.
 - Use threads for specific discussions to keep channels organized and easier to follow.
 - Tag others only when their input is critical or urgent, and use @here, @channel or @everyone sparingly to minimize disruptions.
 - Be patient, as open-source contributors and maintainers often have other commitments and may need time to respond.
-- Post questions or discussions in the most relevant channel (e.g., for [slack - #general](https://openhands-ai.slack.com/archives/C06P5NCGSFP) for general topics, [slack - #questions](https://openhands-ai.slack.com/archives/C06U8UTKSAD) for queries/questions, [discord - #general](https://discord.com/channels/1222935860639563850/1222935861386018885)).
+- Post questions or discussions in the most relevant channel (e.g., for [slack - #general](https://openhands-ai.slack.com/archives/C06P5NCGSFP) for general topics, [slack - #questions](https://openhands-ai.slack.com/archives/C06U8UTKSAD) for queries/questions.
 - When asking for help or raising issues, include necessary details like links, screenshots, or clear explanations to provide context.
 - Keep discussions in public channels whenever possible to allow others to benefit from the conversation, unless the matter is sensitive or private.
 - Always adhere to [our standards](https://github.com/All-Hands-AI/OpenHands/blob/main/CODE_OF_CONDUCT.md#our-standards) to ensure a welcoming and collaborative environment.
-- If you choose to mute a channel, consider setting up alerts for topics that still interest you to stay engaged. For Slack, Go to Settings → Notifications → My Keywords to add specific keywords that will notify you when mentioned. For example, if you're here for discussions about LLMs, mute the channel if it’s too busy, but set notifications to alert you only when “LLMs” appears in messages. Also for Discord, go to the channel notifications and choose the option that best describes your need.
+- If you choose to mute a channel, consider setting up alerts for topics that still interest you to stay engaged. For Slack, Go to Settings → Notifications → My Keywords to add specific keywords that will notify you when mentioned. For example, if you're here for discussions about LLMs, mute the channel if it’s too busy, but set notifications to alert you only when “LLMs” appears in messages.
 
 ## Attribution
 

Development.md

@@ -159,7 +159,7 @@ poetry run pytest ./tests/unit/test_*.py
 To reduce build time (e.g., if no changes were made to the client-runtime component), you can use an existing Docker
 container image by setting the SANDBOX_RUNTIME_CONTAINER_IMAGE environment variable to the desired Docker image.
 
-Example: `export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/all-hands-ai/runtime:0.55-nikolaik`
+Example: `export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/all-hands-ai/runtime:0.58-nikolaik`
 
 ## Develop inside Docker container
 

README.md

@@ -11,8 +11,7 @@
   <a href="https://github.com/All-Hands-AI/OpenHands/stargazers"><img src="https://img.shields.io/github/stars/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="Stargazers"></a>
   <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/LICENSE"><img src="https://img.shields.io/github/license/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="MIT License"></a>
   <br/>
-  <a href="https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA"><img src="https://img.shields.io/badge/Slack-Join%20Us-red?logo=slack&logoColor=white&style=for-the-badge" alt="Join our Slack community"></a>
-  <a href="https://discord.gg/ESHStjSjD4"><img src="https://img.shields.io/badge/Discord-Join%20Us-purple?logo=discord&logoColor=white&style=for-the-badge" alt="Join our Discord community"></a>
+  <a href="https://all-hands.dev/joinslack"><img src="https://img.shields.io/badge/Slack-Join%20Us-red?logo=slack&logoColor=white&style=for-the-badge" alt="Join our Slack community"></a>
   <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/CREDITS.md"><img src="https://img.shields.io/badge/Project-Credits-blue?style=for-the-badge&color=FFE165&logo=github&logoColor=white" alt="Credits"></a>
   <br/>
   <a href="https://docs.all-hands.dev/usage/getting-started"><img src="https://img.shields.io/badge/Documentation-000?logo=googledocs&logoColor=FFE165&style=for-the-badge" alt="Check out the documentation"></a>
@@ -44,8 +43,6 @@ Learn more at [docs.all-hands.dev](https://docs.all-hands.dev), or [sign up for
 > [this short form](https://docs.google.com/forms/d/e/1FAIpQLSet3VbGaz8z32gW9Wm-Grl4jpt5WgMXPgJ4EDPVmCETCBpJtQ/viewform)
 > to join our Design Partner program, where you'll get early access to commercial features and the opportunity to provide input on our product roadmap.
 
-![App screenshot](./docs/static/img/screenshot.png)
-
 ## ☁️ OpenHands Cloud
 The easiest way to get started with OpenHands is on [OpenHands Cloud](https://app.all-hands.dev),
 which comes with $20 in free credits for new users.
@@ -79,17 +76,17 @@ You'll find OpenHands running at [http://localhost:3000](http://localhost:3000)
 You can also run OpenHands directly with Docker:
 
 ```bash
-docker pull docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik
+docker pull docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik
 
 docker run -it --rm --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
+    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik \
     -e LOG_ALL_EVENTS=true \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v ~/.openhands:/.openhands \
     -p 3000:3000 \
     --add-host host.docker.internal:host-gateway \
     --name openhands-app \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55
+    docker.all-hands.dev/all-hands-ai/openhands:0.58
 ```
 
 </details>
@@ -103,7 +100,7 @@ docker run -it --rm --pull=always \
 ### Getting Started
 
 When you open the application, you'll be asked to choose an LLM provider and add an API key.
-[Anthropic's Claude Sonnet 4](https://www.anthropic.com/api) (`anthropic/claude-sonnet-4-20250514`)
+[Anthropic's Claude Sonnet 4.5](https://www.anthropic.com/api) (`anthropic/claude-sonnet-4-5-20250929`)
 works best, but you have [many options](https://docs.all-hands.dev/usage/llms).
 
 See the [Running OpenHands](https://docs.all-hands.dev/usage/installation) guide for
@@ -140,10 +137,9 @@ troubleshooting resources, and advanced configuration options.
 ## 🤝 How to Join the Community
 
 OpenHands is a community-driven project, and we welcome contributions from everyone. We do most of our communication
-through Slack, so this is the best place to start, but we also are happy to have you contact us on Discord or Github:
+through Slack, so this is the best place to start, but we also are happy to have you contact us on Github:
 
-- [Join our Slack workspace](https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA) - Here we talk about research, architecture, and future development.
-- [Join our Discord server](https://discord.gg/ESHStjSjD4) - This is a community-run server for general discussion, questions, and feedback.
+- [Join our Slack workspace](https://all-hands.dev/joinslack) - Here we talk about research, architecture, and future development.
 - [Read or post Github Issues](https://github.com/All-Hands-AI/OpenHands/issues) - Check out the issues we're working on, or add your own ideas.
 
 See more about the community in [COMMUNITY.md](./COMMUNITY.md) or find details on contributing in [CONTRIBUTING.md](./CONTRIBUTING.md).

README_CN.md

@@ -1,148 +0,0 @@
-
-<a name="readme-top"></a>
-
-<div align="center">
-  <img src="./docs/static/img/logo.png" alt="Logo" width="200">
-  <h1 align="center">OpenHands: 少写代码，多做事</h1>
-</div>
-
-
-<div align="center">
-  <a href="https://github.com/All-Hands-AI/OpenHands/graphs/contributors"><img src="https://img.shields.io/github/contributors/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="Contributors"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/stargazers"><img src="https://img.shields.io/github/stars/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="Stargazers"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/LICENSE"><img src="https://img.shields.io/github/license/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="MIT License"></a>
-  <br/>
-  <a href="https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA"><img src="https://img.shields.io/badge/Slack-Join%20Us-red?logo=slack&logoColor=white&style=for-the-badge" alt="加入我们的Slack社区"></a>
-  <a href="https://discord.gg/ESHStjSjD4"><img src="https://img.shields.io/badge/Discord-Join%20Us-purple?logo=discord&logoColor=white&style=for-the-badge" alt="加入我们的Discord社区"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/CREDITS.md"><img src="https://img.shields.io/badge/Project-Credits-blue?style=for-the-badge&color=FFE165&logo=github&logoColor=white" alt="致谢"></a>
-  <br/>
-  <a href="https://docs.all-hands.dev/usage/getting-started"><img src="https://img.shields.io/badge/Documentation-000?logo=googledocs&logoColor=FFE165&style=for-the-badge" alt="查看文档"></a>
-  <a href="https://arxiv.org/abs/2407.16741"><img src="https://img.shields.io/badge/Paper%20on%20Arxiv-000?logoColor=FFE165&logo=arxiv&style=for-the-badge" alt="Arxiv论文"></a>
-  <a href="https://docs.google.com/spreadsheets/d/1wOUdFCMyY6Nt0AIqF705KN4JKOWgeI4wUGUP60krXXs/edit?gid=0#gid=0"><img src="https://img.shields.io/badge/Benchmark%20score-000?logoColor=FFE165&logo=huggingface&style=for-the-badge" alt="评估基准分数"></a>
-  <hr>
-</div>
-
-欢迎使用OpenHands（前身为OpenDevin），这是一个由AI驱动的软件开发代理平台。
-
-OpenHands代理可以完成人类开发者能做的任何事情：修改代码、运行命令、浏览网页、调用API，甚至从StackOverflow复制代码片段。
-
-在[docs.all-hands.dev](https://docs.all-hands.dev)了解更多信息，或[注册OpenHands Cloud](https://app.all-hands.dev)开始使用。
-
-> [!IMPORTANT]
-> 在工作中使用OpenHands？我们很想与您交流！填写
-> [这份简短表格](https://docs.google.com/forms/d/e/1FAIpQLSet3VbGaz8z32gW9Wm-Grl4jpt5WgMXPgJ4EDPVmCETCBpJtQ/viewform)
-> 加入我们的设计合作伙伴计划，您将获得商业功能的早期访问权限，并有机会对我们的产品路线图提供意见。
-
-![应用截图](./docs/static/img/screenshot.png)
-
-## ☁️ OpenHands Cloud
-开始使用OpenHands的最简单方式是在[OpenHands Cloud](https://app.all-hands.dev)上，
-新用户可获得$50的免费额度。
-
-## 💻 在本地运行OpenHands
-
-OpenHands也可以使用Docker在本地系统上运行。
-查看[运行OpenHands](https://docs.all-hands.dev/usage/installation)指南了解
-系统要求和更多信息。
-
-> [!WARNING]
-> 在公共网络上？请参阅我们的[强化Docker安装指南](https://docs.all-hands.dev/usage/runtimes/docker#hardened-docker-installation)
-> 通过限制网络绑定和实施其他安全措施来保护您的部署。
-
-
-```bash
-docker pull docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik
-
-docker run -it --rm --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
-    -e LOG_ALL_EVENTS=true \
-    -v /var/run/docker.sock:/var/run/docker.sock \
-    -v ~/.openhands:/.openhands \
-    -p 3000:3000 \
-    --add-host host.docker.internal:host-gateway \
-    --name openhands-app \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55
-```
-
-> **注意**: 如果您在0.44版本之前使用过OpenHands，您可能需要运行 `mv ~/.openhands-state ~/.openhands` 来将对话历史迁移到新位置。
-
-您将在[http://localhost:3000](http://localhost:3000)找到运行中的OpenHands！
-
-打开应用程序时，您将被要求选择一个LLM提供商并添加API密钥。
-[Anthropic的Claude Sonnet 4](https://www.anthropic.com/api)（`anthropic/claude-sonnet-4-20250514`）
-效果最佳，但您还有[许多选择](https://docs.all-hands.dev/usage/llms)。
-
-## 💡 运行OpenHands的其他方式
-
-> [!CAUTION]
-> OpenHands旨在由单个用户在其本地工作站上运行。
-> 它不适合多租户部署，即多个用户共享同一实例。没有内置的身份验证、隔离或可扩展性。
->
-> 如果您有兴趣在多租户环境中运行OpenHands，请
-> [与我们联系](https://docs.google.com/forms/d/e/1FAIpQLSet3VbGaz8z32gW9Wm-Grl4jpt5WgMXPgJ4EDPVmCETCBpJtQ/viewform)
-> 了解高级部署选项。
-
-您还可以[将OpenHands连接到本地文件系统](https://docs.all-hands.dev/usage/runtimes/docker#connecting-to-your-filesystem)，
-以可编程的[无头模式](https://docs.all-hands.dev/usage/how-to/headless-mode)运行OpenHands，
-通过[友好的CLI](https://docs.all-hands.dev/usage/how-to/cli-mode)与其交互，
-或使用[GitHub Action](https://docs.all-hands.dev/usage/how-to/github-action)在标记的问题上运行它。
-
-访问[运行OpenHands](https://docs.all-hands.dev/usage/installation)获取更多信息和设置说明。
-
-如果您想修改OpenHands源代码，请查看[Development.md](https://github.com/All-Hands-AI/OpenHands/blob/main/Development.md)。
-
-遇到问题？[故障排除指南](https://docs.all-hands.dev/usage/troubleshooting)可以提供帮助。
-
-## 📖 文档
-  <a href="https://deepwiki.com/All-Hands-AI/OpenHands"><img src="https://deepwiki.com/badge.svg" alt="Ask DeepWiki" title="DeepWiki自动生成文档"></a>
-
-要了解有关项目的更多信息，以及使用OpenHands的技巧，
-请查看我们的[文档](https://docs.all-hands.dev/usage/getting-started)。
-
-在那里，您将找到有关如何使用不同LLM提供商、
-故障排除资源和高级配置选项的资源。
-
-## 🤝 如何加入社区
-
-OpenHands是一个社区驱动的项目，我们欢迎每个人的贡献。我们大部分沟通
-通过Slack进行，因此这是开始的最佳场所，但我们也很乐意您通过Discord或Github与我们联系：
-
-- [加入我们的Slack工作空间](https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA) - 这里我们讨论研究、架构和未来发展。
-- [加入我们的Discord服务器](https://discord.gg/ESHStjSjD4) - 这是一个社区运营的服务器，用于一般讨论、问题和反馈。
-- [阅读或发布Github问题](https://github.com/All-Hands-AI/OpenHands/issues) - 查看我们正在处理的问题，或添加您自己的想法。
-
-在[COMMUNITY.md](./COMMUNITY.md)中了解更多关于社区的信息，或在[CONTRIBUTING.md](./CONTRIBUTING.md)中找到有关贡献的详细信息。
-
-## 📈 进展
-
-在[这里](https://github.com/orgs/All-Hands-AI/projects/1)查看OpenHands月度路线图（每月月底在维护者会议上更新）。
-
-<p align="center">
-  <a href="https://star-history.com/#All-Hands-AI/OpenHands&Date">
-    <img src="https://api.star-history.com/svg?repos=All-Hands-AI/OpenHands&type=Date" width="500" alt="Star History Chart">
-  </a>
-</p>
-
-## 📜 许可证
-
-根据MIT许可证分发。有关更多信息，请参阅[`LICENSE`](./LICENSE)。
-
-## 🙏 致谢
-
-OpenHands由大量贡献者构建，每一份贡献都备受感谢！我们还借鉴了其他开源项目，对他们的工作深表感谢。
-
-有关OpenHands中使用的开源项目和许可证列表，请参阅我们的[CREDITS.md](./CREDITS.md)文件。
-
-## 📚 引用
-
-```
-@misc{openhands,
-      title={{OpenHands: An Open Platform for AI Software Developers as Generalist Agents}},
-      author={Xingyao Wang and Boxuan Li and Yufan Song and Frank F. Xu and Xiangru Tang and Mingchen Zhuge and Jiayi Pan and Yueqi Song and Bowen Li and Jaskirat Singh and Hoang H. Tran and Fuqiang Li and Ren Ma and Mingzhang Zheng and Bill Qian and Yanjun Shao and Niklas Muennighoff and Yizhe Zhang and Binyuan Hui and Junyang Lin and Robert Brennan and Hao Peng and Heng Ji and Graham Neubig},
-      year={2024},
-      eprint={2407.16741},
-      archivePrefix={arXiv},
-      primaryClass={cs.SE},
-      url={https://arxiv.org/abs/2407.16741},
-}
-```

README_JA.md

@@ -1,60 +0,0 @@
-<a name="readme-top"></a>
-
-<div align="center">
-  <img src="./docs/static/img/logo.png" alt="Logo" width="200">
-  <h1 align="center">OpenHands: コードを減らして、もっと作ろう</h1>
-</div>
-
-<div align="center">
-  <a href="https://github.com/All-Hands-AI/OpenHands/graphs/contributors"><img src="https://img.shields.io/github/contributors/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="Contributors"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/stargazers"><img src="https://img.shields.io/github/stars/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="Stargazers"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/LICENSE"><img src="https://img.shields.io/github/license/All-Hands-AI/OpenHands?style=for-the-badge&color=blue" alt="MIT License"></a>
-  <br/>
-  <a href="https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA"><img src="https://img.shields.io/badge/Slack-Join%20Us-red?logo=slack&logoColor=white&style=for-the-badge" alt="Slackコミュニティに参加"></a>
-  <a href="https://discord.gg/ESHStjSjD4"><img src="https://img.shields.io/badge/Discord-Join%20Us-purple?logo=discord&logoColor=white&style=for-the-badge" alt="Discordコミュニティに参加"></a>
-  <a href="https://github.com/All-Hands-AI/OpenHands/blob/main/CREDITS.md"><img src="https://img.shields.io/badge/Project-Credits-blue?style=for-the-badge&color=FFE165&logo=github&logoColor=white" alt="クレジット"></a>
-  <br/>
-  <a href="https://docs.all-hands.dev/usage/getting-started"><img src="https://img.shields.io/badge/Documentation-000?logo=googledocs&logoColor=FFE165&style=for-the-badge" alt="ドキュメントを見る"></a>
-  <a href="https://arxiv.org/abs/2407.16741"><img src="https://img.shields.io/badge/Paper%20on%20Arxiv-000?logoColor=FFE165&logo=arxiv&style=for-the-badge" alt="Arxiv論文"></a>
-  <a href="https://docs.google.com/spreadsheets/d/1wOUdFCMyY6Nt0AIqF705KN4JKOWgeI4wUGUP60krXXs/edit?gid=0#gid=0"><img src="https://img.shields.io/badge/Benchmark%20score-000?logoColor=FFE165&logo=huggingface&style=for-the-badge" alt="評価ベンチマークスコア"></a>
-  <hr>
-</div>
-
-OpenHands（旧OpenDevin）へようこそ。これはAIが駆動するソフトウェア開発エージェントのプラットフォームです。
-
-OpenHandsのエージェントは人間の開発者ができることは何でもこなします。コードを修正し、コマンドを実行し、ウェブを閲覧し、APIを呼び出し、StackOverflowからコードスニペットをコピーすることさえできます。
-
-詳細は[docs.all-hands.dev](https://docs.all-hands.dev)をご覧いただくか、[OpenHands Cloud](https://app.all-hands.dev)に登録して始めましょう。
-
-> [!IMPORTANT]
-> 仕事でOpenHandsを使っていますか？ぜひお話を聞かせてください。[こちらの短いフォーム](https://docs.google.com/forms/d/e/1FAIpQLSet3VbGaz8z32gW9Wm-Grl4jpt5WgMXPgJ4EDPVmCETCBpJtQ/viewform)にご記入いただき、Design Partnerプログラムにご参加ください。商用機能の早期アクセスや製品ロードマップへのフィードバックの機会を提供します。
-
-![アプリのスクリーンショット](./docs/static/img/screenshot.png)
-
-## ☁️ OpenHands Cloud
-OpenHandsを始める最も簡単な方法は[OpenHands Cloud](https://app.all-hands.dev)を利用することです。新規ユーザーには50ドル分の無料クレジットが付与されます。
-
-## 💻 OpenHandsをローカルで実行する
-
-OpenHandsはDockerを利用してローカル環境でも実行できます。システム要件や詳細については[Running OpenHands](https://docs.all-hands.dev/usage/installation)ガイドをご覧ください。
-
-> [!WARNING]
-> 公共ネットワークで実行していますか？[Hardened Docker Installation Guide](https://docs.all-hands.dev/usage/runtimes/docker#hardened-docker-installation)を参照して、ネットワークバインディングの制限や追加のセキュリティ対策を実施してください。
-
-```bash
-docker pull docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik
-
-docker run -it --rm --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
-    -e LOG_ALL_EVENTS=true \
-    -v /var/run/docker.sock:/var/run/docker.sock \
-    -v ~/.openhands:/.openhands \
-    -p 3000:3000 \
-    --add-host host.docker.internal:host-gateway \
-    --name openhands-app \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55
-```
-
-**注**: バージョン0.44以前のOpenHandsを使用していた場合は、会話履歴を移行するために `mv ~/.openhands-state ~/.openhands` を実行してください。
-
-OpenHandsは[http://localhost:3000](http://localhost:3000)で起動します！

config.template.toml

@@ -219,6 +219,14 @@ correct_num = 5
 api_key = ""
 model = "gpt-4o"
 
+# Example routing LLM configuration for multimodal model routing
+# Uncomment and configure to enable model routing with a secondary model
+#[llm.secondary_model]
+#model = "kimi-k2"
+#api_key = ""
+#for_routing = true
+#max_input_tokens = 128000
+
 
 #################################### Agent ###################################
 # Configuration for agents (group name starts with 'agent')
@@ -480,3 +488,55 @@ type = "noop"
 
 # Run the runtime sandbox container in privileged mode for use with docker-in-docker
 #privileged = false
+
+#################################### MCP #####################################
+# Configuration for Model Context Protocol (MCP) servers
+# MCP allows OpenHands to communicate with external tool servers
+##############################################################################
+[mcp]
+# SSE servers - Server-Sent Events transport (legacy)
+#sse_servers = [
+#    # Basic SSE server with just a URL
+#    "http://localhost:8080/mcp/sse",
+#
+#    # SSE server with authentication
+#    {url = "https://api.example.com/mcp/sse", api_key = "your-api-key"}
+#]
+
+# SHTTP servers - Streamable HTTP transport (recommended)
+#shttp_servers = [
+#    # Basic SHTTP server with default 60s timeout
+#    "https://api.example.com/mcp/shttp",
+#
+#    # SHTTP server with custom timeout for long-running tools
+#    {
+#        url = "https://api.example.com/mcp/shttp",
+#        api_key = "your-api-key",
+#        timeout = 180  # 3 minutes for processing-heavy tools (1-3600 seconds)
+#    }
+#]
+
+# Stdio servers - Direct process communication (development only)
+#stdio_servers = [
+#    # Basic stdio server
+#    {name = "filesystem", command = "npx", args = ["@modelcontextprotocol/server-filesystem", "/"]},
+#
+#    # Stdio server with environment variables
+#    {
+#        name = "fetch",
+#        command = "uvx",
+#        args = ["mcp-server-fetch"],
+#        env = {DEBUG = "true"}
+#    }
+#]
+
+#################################### Model Routing ############################
+# Configuration for experimental model routing feature
+# Enables intelligent switching between different LLM models for specific purposes
+##############################################################################
+[model_routing]
+# Router to use for model selection
+# Available options:
+# - "noop_router" (default): No routing, always uses primary LLM
+# - "multimodal_router": A router that switches between primary and secondary models, depending on whether the input is multimodal or not
+#router_name = "noop_router"

containers/app/Dockerfile

@@ -1,5 +1,5 @@
 ARG OPENHANDS_BUILD_VERSION=dev
-FROM node:24.3.0-bookworm-slim AS frontend-builder
+FROM node:24.8-trixie-slim AS frontend-builder
 
 WORKDIR /app
 
@@ -9,7 +9,7 @@ RUN npm ci
 COPY frontend ./
 RUN npm run build
 
-FROM python:3.12.10-slim AS base
+FROM python:3.13.7-slim-trixie AS base
 FROM base AS backend-builder
 
 WORKDIR /app

containers/dev/compose.yml

@@ -12,7 +12,7 @@ services:
       - SANDBOX_API_HOSTNAME=host.docker.internal
       - DOCKER_HOST_ADDR=host.docker.internal
       #
-      - SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-ghcr.io/all-hands-ai/runtime:0.55-nikolaik}
+      - SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-ghcr.io/all-hands-ai/runtime:0.58-nikolaik}
       - SANDBOX_USER_ID=${SANDBOX_USER_ID:-1234}
       - WORKSPACE_MOUNT_PATH=${WORKSPACE_BASE:-$PWD/workspace}
     ports:

dev_config/python/.pre-commit-config.yaml

@@ -3,9 +3,9 @@ repos:
     rev: v5.0.0
     hooks:
       - id: trailing-whitespace
-        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/)
+        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/|openhands-cli/)
       - id: end-of-file-fixer
-        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/)
+        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/|openhands-cli/)
       - id: check-yaml
         args: ["--allow-multiple-documents"]
       - id: debug-statements
@@ -28,12 +28,12 @@ repos:
         entry: ruff check --config dev_config/python/ruff.toml
         types_or: [python, pyi, jupyter]
         args: [--fix, --unsafe-fixes]
-        exclude: ^(third_party/|enterprise/)
+        exclude: ^(third_party/|enterprise/|openhands-cli/)
       # Run the formatter.
       - id: ruff-format
         entry: ruff format --config dev_config/python/ruff.toml
         types_or: [python, pyi, jupyter]
-        exclude: ^(third_party/|enterprise/)
+        exclude: ^(third_party/|enterprise/|openhands-cli/)
 
   - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v1.15.0

dev_config/python/mypy.ini

@@ -7,6 +7,7 @@ warn_unreachable = True
 warn_redundant_casts = True
 no_implicit_optional = True
 strict_optional = True
+disable_error_code = type-abstract
 
 # Exclude third-party runtime directory from type checking
 exclude = (third_party/|enterprise/)

docker-compose.yml

@@ -7,7 +7,7 @@ services:
     image: openhands:latest
     container_name: openhands-app-${DATE:-}
     environment:
-      - SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik}
+      - SANDBOX_RUNTIME_CONTAINER_IMAGE=${SANDBOX_RUNTIME_CONTAINER_IMAGE:-docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik}
       #- SANDBOX_USER_ID=${SANDBOX_USER_ID:-1234} # enable this only if you want a specific non-root sandbox user but you will have to manually adjust permissions of ~/.openhands for this user
       - WORKSPACE_MOUNT_PATH=${WORKSPACE_BASE:-$PWD/workspace}
     ports:

docs/README.md

@@ -1,17 +1,36 @@
-# Setup
+# OpenHands Documentation
 
-```
+This directory contains the documentation for OpenHands. The documentation is automatically synchronized with the [All-Hands-AI/docs](https://github.com/All-Hands-AI/docs) repository, which hosts the unified documentation site using Mintlify.
+
+## Documentation Structure
+
+The documentation files in this directory are automatically included in the main documentation site via Git submodules. When you make changes to documentation in this repository, they will be automatically synchronized to the docs repository.
+
+## How It Works
+
+1. **Automatic Sync**: When documentation changes are pushed to the `main` branch, a GitHub Action automatically notifies the docs repository
+2. **Submodule Update**: The docs repository updates its submodule reference to include your latest changes  
+3. **Site Rebuild**: Mintlify automatically rebuilds and deploys the documentation site
+
+## Making Documentation Changes
+
+Simply edit the documentation files in this directory as usual. The synchronization happens automatically when changes are merged to the main branch.
+
+## Local Development
+
+For local documentation development in this repository only:
+
+```bash
 npm install -g mint
-```
-
-or
-
-```
+# or
 yarn global add mint
-```
 
-# Preview
-
-```
+# Preview local changes
 mint dev
 ```
+
+For the complete unified documentation site, work with the [All-Hands-AI/docs](https://github.com/All-Hands-AI/docs) repository.
+
+## Configuration
+
+The Mintlify configuration (`docs.json`) has been moved to the root of the [All-Hands-AI/docs](https://github.com/All-Hands-AI/docs) repository to enable unified documentation across multiple repositories.

docs/docs.json

@@ -3,18 +3,16 @@
   "theme": "mint",
   "name": "All Hands Docs",
   "colors": {
-    "primary": "#99873c",
-    "light": "#ffe165",
-    "dark": "#ffe165"
+    "primary": "#99873c"
   },
   "background": {
     "color": {
-      "light": "#f7f3ee",
-      "dark": "#0B0D0E"
+      "light": "#f7f3ee"
     }
   },
   "appearance": {
-    "default": "light"
+    "default": "light",
+    "strict": true
   },
   "favicon": "/logo-square.png",
   "navigation": {
@@ -31,6 +29,7 @@
             "group": "OpenHands Cloud",
             "pages": [
               "usage/cloud/openhands-cloud",
+              "usage/cloud/pro-subscription",
               {
                 "group": "Integrations",
                 "pages": [
@@ -109,8 +108,7 @@
                 },
                 "usage/configuration-options",
                 "usage/how-to/custom-sandbox-guide",
-                "usage/search-engine-setup",
-                "usage/mcp"
+                "usage/search-engine-setup"
                 ]
               }
             ]
@@ -118,7 +116,13 @@
           {
             "group": "Customizations & Settings",
             "pages": [
-              "usage/common-settings",
+              {
+                "group": "OpenHands Settings",
+                "pages": [
+                  "usage/settings/secrets-settings",
+                  "usage/settings/mcp-settings"
+                ]
+              },
               "usage/prompting/repository",
               {
                 "group": "Microagents",
@@ -208,9 +212,8 @@
   },
   "footer": {
     "socials": {
-      "slack": "https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA",
-      "github": "https://github.com/All-Hands-AI/OpenHands",
-      "discord": "https://discord.gg/ESHStjSjD4"
+      "slack": "https://all-hands.dev/joinslack",
+      "github": "https://github.com/All-Hands-AI/OpenHands"
     }
   },
   "contextual": {

docs/index.mdx

@@ -4,7 +4,8 @@ description: OpenHands - Code Less, Make More
 icon: book-open
 mode: wide
 ---
-Use AI to tackle the toil in your backlog. Our agents have all the same tools as a human developer: they can modify code, run commands, browse the web, call APIs, and yes-even copy code snippets from StackOverflow.
+Use AI to tackle the toil in your backlog. Our agents have all the same tools as a human developer:
+they can modify code, run commands, browse the web, call APIs, and yes-even copy code snippets from StackOverflow.
 
 <iframe
   className="w-full aspect-video"

docs/reo-init.js

@@ -0,0 +1,14 @@
+// Reo.dev tracking initialization
+(function() {
+  var e, t, n;
+  e = "6bac7145b4ee6ec";
+  t = function() {
+    Reo.init({clientID: "6bac7145b4ee6ec"});
+  };
+  n = document.createElement("script");
+  n.src = "https://static.reo.dev/" + e + "/reo.js";
+  n.defer = true;
+  n.onload = t;
+  document.head.appendChild(n);
+})();
+

docs/usage/architecture/runtime.mdx

@@ -124,7 +124,7 @@ This tagging approach allows OpenHands to efficiently manage both development an
 OpenHands supports both bind mounts and Docker named volumes in SandboxConfig.volumes:
 
 - Bind mount: "/abs/host/path:/container/path[:mode]"
-- Named volume: "volume:<name>:/container/path[:mode]" or any non-absolute host spec treated as a named volume
+- Named volume: "volume:`<name>`:/container/path[:mode]" or any non-absolute host spec treated as a named volume
 
 Overlay mode (copy-on-write layer) is supported for bind mounts by appending ":overlay" to the mode (e.g., ":ro,overlay").
 To enable overlay COW, set SANDBOX_VOLUME_OVERLAYS to a writable host directory; per-container upper/work dirs are created under it. If SANDBOX_VOLUME_OVERLAYS is unset, overlay mounts are skipped.

docs/usage/cloud/bitbucket-installation.mdx

@@ -8,9 +8,21 @@ description: This guide walks you through the process of installing OpenHands Cl
 
 - Signed in to [OpenHands Cloud](https://app.all-hands.dev) with [a Bitbucket account](/usage/cloud/openhands-cloud).
 
+## Adding Bitbucket Repository Access
+
+Upon signing into OpenHands Cloud with a Bitbucket account, OpenHands will have access to your repositories.
+
+## Working With Bitbucket Repos in Openhands Cloud
+
+After signing in with a Bitbucket account, use the `Open Repository` section to select the appropriate repository and
+branch you'd like OpenHands to work on. Then click on `Launch` to start the conversation!
+
+![Connect Repo](/static/img/connect-repo.png)
+
 ## IP Whitelisting
 
-If your Bitbucket Cloud instance has IP restrictions, you'll need to whitelist the following IP addresses to allow OpenHands to access your repositories:
+If your Bitbucket Cloud instance has IP restrictions, you'll need to whitelist the following IP addresses to allow
+OpenHands to access your repositories:
 
 ### Core App IP
 ```
@@ -31,17 +43,6 @@ If your Bitbucket Cloud instance has IP restrictions, you'll need to whitelist t
 34.60.55.59
 ```
 
-## Adding Bitbucket Repository Access
-
-Upon signing into OpenHands Cloud with a Bitbucket account, OpenHands will have access to your repositories.
-
-## Working With Bitbucket Repos in Openhands Cloud
-
-After signing in with a Bitbucket account, use the `select a repo` and `select a branch` dropdowns to select the
-appropriate repository and branch you'd like OpenHands to work on. Then click on `Launch` to start the conversation!
-
-![Connect Repo](/static/img/connect-repo-no-github.png)
-
 ## Next Steps
 
 - [Learn about the Cloud UI](/usage/cloud/cloud-ui).

docs/usage/cloud/cloud-api.mdx

@@ -12,104 +12,92 @@ For the available API endpoints, refer to the
 To use the OpenHands Cloud API, you'll need to generate an API key:
 
 1. Log in to your [OpenHands Cloud](https://app.all-hands.dev) account.
-2. Navigate to the [Settings page](https://app.all-hands.dev/settings).
-3. Select the `API Keys` tab.
-4. Click `Create API Key`.
-5. Give your key a descriptive name (Example: "Development" or "Production") and select `Create`.
-6. Copy the generated API key and store it securely. It will only be shown once.
+2. Navigate to the [Settings > API Keys](https://app.all-hands.dev/settings/api-keys) page.
+3. Click `Create API Key`.
+4. Give your key a descriptive name (Example: "Development" or "Production") and select `Create`.
+5. Copy the generated API key and store it securely. It will only be shown once.
 
-![API Key Generation](/static/img/api-key-generation.png)
-
-## API Usage
+## API Usage Example
 
 ### Starting a New Conversation
 
-To start a new conversation with OpenHands to perform a task, you'll need to make a POST request to the conversation endpoint.
+To start a new conversation with OpenHands to perform a task,
+[you'll need to make a POST request to the conversation endpoint](/api-reference/new-conversation).
 
-#### Request Parameters
+<Tabs>
+  <Tab title="cURL">
+    ```bash
+    curl -X POST "https://app.all-hands.dev/api/conversations" \
+      -H "Authorization: Bearer YOUR_API_KEY" \
+      -H "Content-Type: application/json" \
+      -d '{
+        "initial_user_msg": "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
+        "repository": "yourusername/your-repo"
+      }'
+    ```
+  </Tab>
+  <Tab title="Python (with requests)">
+    ```python
+    import requests
 
-| Parameter          | Type     | Required | Description                                                                                          |
-|--------------------|----------|----------|------------------------------------------------------------------------------------------------------|
-| `initial_user_msg` | string   | Yes      | The initial message to start the conversation.                                                       |
-| `repository`       | string   | No       | Git repository name to provide context in the format `owner/repo`. You must have access to the repo. |
+    api_key = "YOUR_API_KEY"
+    url = "https://app.all-hands.dev/api/conversations"
 
-#### Examples
-
-
-<Accordion title="cURL">
-  ```bash
-  curl -X POST "https://app.all-hands.dev/api/conversations" \
-    -H "Authorization: Bearer YOUR_API_KEY" \
-    -H "Content-Type: application/json" \
-    -d '{
-      "initial_user_msg": "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
-      "repository": "yourusername/your-repo"
-    }'
-  ```
-</Accordion>
-
-<Accordion title="Python (with requests)">
-  ```python
-  import requests
-
-  api_key = "YOUR_API_KEY"
-  url = "https://app.all-hands.dev/api/conversations"
-
-  headers = {
-      "Authorization": f"Bearer {api_key}",
-      "Content-Type": "application/json"
-  }
-
-  data = {
-      "initial_user_msg": "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
-      "repository": "yourusername/your-repo"
-  }
-
-  response = requests.post(url, headers=headers, json=data)
-  conversation = response.json()
-
-  print(f"Conversation Link: https://app.all-hands.dev/conversations/{conversation['conversation_id']}")
-  print(f"Status: {conversation['status']}")
-  ```
-</Accordion>
-
-<Accordion title="TypeScript/JavaScript (with fetch)">
-  ```typescript
-  const apiKey = "YOUR_API_KEY";
-  const url = "https://app.all-hands.dev/api/conversations";
-
-  const headers = {
-    "Authorization": `Bearer ${apiKey}`,
-    "Content-Type": "application/json"
-  };
-
-  const data = {
-    initial_user_msg: "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
-    repository: "yourusername/your-repo"
-  };
-
-  async function startConversation() {
-    try {
-      const response = await fetch(url, {
-        method: "POST",
-        headers: headers,
-        body: JSON.stringify(data)
-      });
-
-      const conversation = await response.json();
-
-      console.log(`Conversation Link: https://app.all-hands.dev/conversations/${conversation.id}`);
-      console.log(`Status: ${conversation.status}`);
-
-      return conversation;
-    } catch (error) {
-      console.error("Error starting conversation:", error);
+    headers = {
+        "Authorization": f"Bearer {api_key}",
+        "Content-Type": "application/json"
     }
-  }
 
-  startConversation();
-  ```
-</Accordion>
+    data = {
+        "initial_user_msg": "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
+        "repository": "yourusername/your-repo"
+    }
+
+    response = requests.post(url, headers=headers, json=data)
+    conversation = response.json()
+
+    print(f"Conversation Link: https://app.all-hands.dev/conversations/{conversation['conversation_id']}")
+    print(f"Status: {conversation['status']}")
+    ```
+    </Tab>
+    <Tab title="TypeScript/JavaScript (with fetch)">
+        ```typescript
+    const apiKey = "YOUR_API_KEY";
+    const url = "https://app.all-hands.dev/api/conversations";
+
+    const headers = {
+      "Authorization": `Bearer ${apiKey}`,
+      "Content-Type": "application/json"
+    };
+
+    const data = {
+      initial_user_msg: "Check whether there is any incorrect information in the README.md file and send a PR to fix it if so.",
+      repository: "yourusername/your-repo"
+    };
+
+    async function startConversation() {
+      try {
+        const response = await fetch(url, {
+          method: "POST",
+          headers: headers,
+          body: JSON.stringify(data)
+        });
+
+        const conversation = await response.json();
+
+        console.log(`Conversation Link: https://app.all-hands.dev/conversations/${conversation.id}`);
+        console.log(`Status: ${conversation.status}`);
+
+        return conversation;
+      } catch (error) {
+        console.error("Error starting conversation:", error);
+      }
+    }
+
+    startConversation();
+    ```
+  </Tab>
+</Tabs>
 
 #### Response
 
@@ -128,42 +116,6 @@ You may receive an `AuthenticationError` if:
 - You provided the wrong repository name.
 - You don't have access to the repository.
 
-
-### Retrieving Conversation Status
-
-You can check the status of a conversation by making a GET request to the conversation endpoint.
-
-#### Endpoint
-
-```
-GET https://app.all-hands.dev/api/conversations/{conversation_id}
-```
-
-#### Example
-
-<Accordion title="cURL">
-  ```bash
-  curl -X GET "https://app.all-hands.dev/api/conversations/{conversation_id}" \
-    -H "Authorization: Bearer YOUR_API_KEY"
-  ```
-</Accordion>
-
-#### Response
-
-The response is formatted as follows:
-
-```json
-{
-  "conversation_id":"abc1234",
-  "title":"Update README.md",
-  "created_at":"2025-04-29T15:13:51.370706Z",
-  "last_updated_at":"2025-04-29T15:13:57.199210Z",
-  "status":"RUNNING",
-  "selected_repository":"yourusername/your-repo",
-  "trigger":"gui"
-}
-```
-
 ## Rate Limits
 
 If you have too many conversations running at once, older conversations will be paused to limit the number of concurrent conversations.

docs/usage/cloud/cloud-ui.mdx

@@ -8,24 +8,39 @@ description: The Cloud UI provides a web interface for interacting with OpenHand
 
 The landing page is where you can:
 
-- [Add GitHub repository access](/usage/cloud/github-installation#adding-github-repository-access) to OpenHands.
 - [Select a GitHub repo](/usage/cloud/github-installation#working-with-github-repos-in-openhands-cloud),
   [a GitLab repo](/usage/cloud/gitlab-installation#working-with-gitlab-repos-in-openhands-cloud) or
   [a Bitbucket repo](/usage/cloud/bitbucket-installation#working-with-bitbucket-repos-in-openhands-cloud) to start working on.
+- Launch an empty conversation using `New Conversation`.
 - See `Suggested Tasks` for repositories that OpenHands has access to.
-- Launch an empty conversation using `Launch from Scratch`.
+- See your `Recent Conversations`.
 
 ## Settings
 
-The Settings page allows you to:
+Settings are divided across tabs, with each tab focusing on a specific area of configuration.
 
-- [Configure GitHub repository access](/usage/cloud/github-installation#modifying-repository-access) for OpenHands.
-- [Install the OpenHands Slack app](/usage/cloud/slack-installation).
-- Set application settings like your preferred language, notifications and other preferences.
-- Add credits to your account.
-- [Generate custom secrets](/usage/common-settings#secrets-management).
-- [Create API keys to work with OpenHands programmatically](/usage/cloud/cloud-api).
-- Change your email address.
+- `User`
+  - Change your email address.
+- `Integrations`
+  - [Configure GitHub repository access](/usage/cloud/github-installation#modifying-repository-access) for OpenHands.
+  - [Install the OpenHands Slack app](/usage/cloud/slack-installation).
+- `Application`
+  - Set your preferred language, notifications and other preferences.
+  - Toggle task suggestions on GitHub.
+  - Toggle Solvability Analysis.
+  - Set a maximum budget per conversation.
+  - Configure the username and email that OpenHands uses for commits.
+- `LLM` (Available for [Pro subscription users](/usage/cloud/pro-subscription))
+  - Choose to use another LLM or use different models from the OpenHands provider.
+- `Billing`
+  - Add credits for using the OpenHands provider.
+  - Cancel your `Pro subscription`.
+- `Secrets`
+  - [Manage secrets](/usage/settings/secrets-settings).
+- `API Keys`
+  - [Create API keys to work with OpenHands programmatically](/usage/cloud/cloud-api).
+- `MCP`
+  - [Setup an MCP server](/usage/settings/mcp-settings)
 
 ## Key Features
 

docs/usage/cloud/github-installation.mdx

@@ -12,7 +12,7 @@ description: This guide walks you through the process of installing OpenHands Cl
 
 You can grant OpenHands access to specific GitHub repositories:
 
-1. Click on `Add GitHub repos` on the landing page.
+1. Click on `+ Add GitHub Repos` in the repository selection dropdown.
 2. Select your organization and choose the specific repositories to grant OpenHands access to.
 <Accordion title="OpenHands permissions">
   - OpenHands requests short-lived tokens (8-hour expiration) with these permissions:
@@ -34,20 +34,22 @@ You can grant OpenHands access to specific GitHub repositories:
 ## Modifying Repository Access
 
 You can modify GitHub repository access at any time by:
-- Selecting `Add GitHub repos` on the landing page or
-- Visiting the Settings page and selecting `Configure GitHub Repositories` under the `Integrations` tab
+- Selecting `+ Add GitHub Repos` in the repository selection dropdown or
+- Visiting the `Settings > Integrations` page and selecting `Configure GitHub Repositories`
 
 ## Working With GitHub Repos in Openhands Cloud
 
-Once you've granted GitHub repository access, you can start working with your GitHub repository. Use the `select a repo`
-and `select a branch` dropdowns to select the appropriate repository and branch you'd like OpenHands to work on. Then
-click on `Launch` to start the conversation!
+Once you've granted GitHub repository access, you can start working with your GitHub repository. Use the
+`Open Repository` section to select the appropriate repository and branch you'd like OpenHands to work on. Then click
+on `Launch` to start the conversation!
 
 ![Connect Repo](/static/img/connect-repo.png)
 
-## Working on Github Issues and Pull Requests Using Openhands
+## Working on GitHub Issues and Pull Requests Using Openhands
 
-Giving GitHub repository access to OpenHands also allows you to work on GitHub issues and pull requests directly.
+To allow OpenHands to work directly from GitHub directly, you must
+[give OpenHands access to your repository](/usage/cloud/github-installation#modifying-repository-access). Once access is
+given, you can use OpenHands by labeling the issue or by tagging `@openhands`.
 
 ### Working with Issues
 
@@ -64,7 +66,12 @@ To get OpenHands to work on pull requests, mention `@openhands` in the comments
 - Request updates
 - Get code explanations
 
-**Important Note**: The `@openhands` mention functionality in pull requests only works if the pull request is both *to* and *from* a repository that you have added through the interface. This is because OpenHands needs appropriate permissions to access both repositories.
+<Note>
+The `@openhands` mention functionality in pull requests only works if the pull request is both
+*to* and *from* a repository that you have added through the interface. This is because OpenHands needs appropriate
+permissions to access both repositories.
+</Note>
+
 
 ## Next Steps
 

docs/usage/cloud/gitlab-installation.mdx

@@ -14,16 +14,17 @@ Upon signing into OpenHands Cloud with a GitLab account, OpenHands will have acc
 
 ## Working With GitLab Repos in Openhands Cloud
 
-After signing in with a Gitlab account, use the `select a repo` and `select a branch` dropdowns to select the
-appropriate repository and branch you'd like OpenHands to work on. Then click on `Launch` to start the conversation!
+After signing in with a Gitlab account, use the `Open Repository` section to select the appropriate repository and
+branch you'd like OpenHands to work on. Then click on `Launch` to start the conversation!
 
-![Connect Repo](/static/img/connect-repo-no-github.png)
+![Connect Repo](/static/img/connect-repo.png)
 
 ## Using Tokens with Reduced Scopes
 
 OpenHands requests an API-scoped token during OAuth authentication. By default, this token is provided to the agent.
-To restrict the agent's permissions, you can define a custom secret `GITLAB_TOKEN`, which will override the default token assigned to the agent.
-While the high-permission API token is still requested and used for other components of the application (e.g. opening merge requests), the agent will not have access to it.
+To restrict the agent's permissions, [you can define a custom secret](/usage/settings/secrets-settings) `GITLAB_TOKEN`,
+which will override the default token assigned to the agent. While the high-permission API token is still requested
+and used for other components of the application (e.g. opening merge requests), the agent will not have access to it.
 
 ## Working on GitLab Issues and Merge Requests Using Openhands
 
@@ -32,7 +33,8 @@ This feature works for personal projects and is available for group projects wit
 [Premium or Ultimate tier subscription](https://docs.gitlab.com/user/project/integrations/webhooks/#group-webhooks).
 
 A webhook is automatically installed within a few minutes after the owner/maintainer of the project or group logs into
-OpenHands Cloud. If you decide to delete the webhook, then re-installing will require the support of All Hands AI but we are planning to improve this in a future release.
+OpenHands Cloud. If you decide to delete the webhook, then re-installing will require the support of All Hands AI but
+we are planning to improve this in a future release.
 </Note>
 
 Giving GitLab repository access to OpenHands also allows you to work on GitLab issues and merge requests directly.

docs/usage/cloud/pro-subscription.mdx

@@ -0,0 +1,50 @@
+---
+title: "Pro Subscription"
+description: "Learn about OpenHands Cloud Pro Subscription features and pricing."
+---
+
+## Overview
+
+The OpenHands Pro Subscription unlocks additional features and better pricing when you run OpenHands conversations in
+OpenHands Cloud.
+
+## Base Features
+
+All users start on the Pay-as-you-go plan and have access to these base features when they sign up:
+
+* **Run multiple OpenHands conversations on OpenHands Cloud runtimes.**
+* **API keys to the OpenHands LLM provider for use in OpenHands CLI or when running OpenHands on your own.**
+* **$20 in initial OpenHands Cloud credits to get started.**
+* **Support for GitHub, GitLab, Bitbucket, Slack, and more.**
+
+## What you get with a Pro Subscription
+
+The $20/month Pro subscription covers the cost of runtime compute in OpenHands Cloud, plus enables the following
+features:
+
+* **Bring Your Own LLM Keys:** Bring your own API keys from OpenAI, Anthropic, Mistral, and other providers.
+* **Model Choice:** Unlocks access to OpenHands LLM provider models for use within OpenHands Cloud.
+* **No Markup Pricing on LLM usage:** When you use the OpenHands LLM provider in OpenHands Cloud, you pay for
+LLM usage at-cost (zero markup) based on API prices.
+
+## Plan Comparison
+
+Here are the key differences between Pay-as-you-go and Pro subscriptions:
+
+### When running OpenHands conversations in OpenHands Cloud
+|  | Pay-as-you-go | Pro Subscription |
+| :---- | ----- | ----- |
+| Monthly price | None \- no commitment | $20/month |
+| Can I bring my own LLM key? | No | ✅ Yes |
+| Do I pay for LLM usage? | ✅ Yes | ✅ Yes |
+| Can I select from different LLMs without bringing my own LLM key? | No \- defaults to Claude Sonnet 4 | ✅ Yes \- via OpenHands LLM provider <br/><br/>[*See models and pricing*](https://docs.all-hands.dev/usage/llms/openhands-llms#pricing) |
+| How much am I charged for LLM usage? | **Marked up pricing** \- 2x Claude Sonnet 4 API prices. *This markup helps cover the cost of runtime compute.* | **No markup** \- 1x API prices. *The $20 monthly subscription covers the cost of runtime compute.* |
+
+
+### When using the OpenHands LLM Provider outside of OpenHands Cloud
+The following applies to **both** the Pay-as-you-go and Pro subscription:
+|  | Pay-as-you-go or Pro Subscription |
+| :---- | :---- |
+| Do I have access to multiple models via the OpenHands LLM provider? | ✅ Yes <br/><br/> [*See models and pricing*](https://docs.all-hands.dev/usage/llms/openhands-llms#pricing) |
+| Can I generate and refresh OpenHands LLM API keys? | ✅ Yes |
+| How much am I charged for LLM usage when I use the OpenHands LLM provider in other AI coding tools?  | **No markup** \- pay 1x API prices <br/> [*See models and pricing*](https://docs.all-hands.dev/usage/llms/openhands-llms#pricing) <br/><br/> *Usage is deducted from your OpenHands Cloud credit balance.*  <br/><br/> *The OpenHands LLM provider is available to all OpenHands Cloud users, and LLM usage is billed at-cost (zero markup). Use these models with OpenHands CLI, running OpenHands on your own, or even other AI coding agents\! [Learn more.](https://www.all-hands.dev/blog/access-state-of-the-art-llm-models-at-cost-via-openhands-gui-and-cli)* |

docs/usage/cloud/slack-installation.mdx

@@ -13,7 +13,9 @@ description: This guide walks you through installing the OpenHands Slack app.
 </iframe>
 
 <Info>
-OpenHands utilizes a large language model (LLM), which may generate responses that are inaccurate or incomplete. While we strive for accuracy, OpenHands' outputs are not guaranteed to be correct, and we encourage users to validate critical information independently.
+OpenHands utilizes a large language model (LLM), which may generate responses that are inaccurate or incomplete.
+While we strive for accuracy, OpenHands' outputs are not guaranteed to be correct, and we encourage users to
+validate critical information independently.
 </Info>
 
 ## Prerequisites
@@ -39,7 +41,7 @@ OpenHands utilizes a large language model (LLM), which may generate responses th
   **Make sure your Slack workspace admin/owner has installed OpenHands Slack App first.**
 
   Every user in the Slack workspace (including admins/owners) must link their OpenHands Cloud account to the OpenHands Slack App. To do this:
-  1. Visit [integrations settings](https://app.all-hands.dev/settings/integrations) in OpenHands Cloud.
+  1. Visit the [Settings > Integrations](https://app.all-hands.dev/settings/integrations) page in OpenHands Cloud.
   2. Click `Install OpenHands Slack App`.
   3. In the top right corner, select the workspace to install the OpenHands Slack app.
   4. Review permissions and click allow.
@@ -57,7 +59,8 @@ To start a new conversation, you can mention `@openhands` in a new message or a
 
 Once a conversation is started, all thread messages underneath it will be follow-up messages to OpenHands.
 
-To send follow-up messages for the same conversation, mention `@openhands` in a thread reply to the original message. You must be the user who started the conversation.
+To send follow-up messages for the same conversation, mention `@openhands` in a thread reply to the original message.
+You must be the user who started the conversation.
 
 ## Example conversation
 

docs/usage/configuration-options.mdx

@@ -8,6 +8,11 @@ description: This page outlines all available configuration options for OpenHand
    In GUI Mode, any settings applied through the Settings UI will take precedence.
 </Note>
 
+<Note>
+   **Looking for Environment Variables?** All configuration options can also be set using environment variables. 
+   See the [Environment Variables Reference](./environment-variables) for a complete list with examples.
+</Note>
+
 ## Location of the `config.toml` File
 
 When running OpenHands in CLI, headless, or development mode, you can use a project-specific `config.toml` file for configuration, which must be
@@ -18,6 +23,11 @@ specify a different path to the `config.toml` file.
 
 The core configuration options are defined in the `[core]` section of the `config.toml` file.
 
+Core configuration options can be set as environment variables by converting to uppercase. For example:
+- `debug` → `DEBUG`
+- `cache_dir` → `CACHE_DIR`
+- `runtime` → `RUNTIME`
+
 ### Workspace
 - `workspace_base` **(Deprecated)**
   - Type: `str`
@@ -141,6 +151,11 @@ The LLM (Large Language Model) configuration options are defined in the `[llm]`
 
 To use these with the docker command, pass in `-e LLM_<option>`. Example: `-e LLM_NUM_RETRIES`.
 
+All LLM configuration options can be set as environment variables by prefixing with `LLM_` and converting to uppercase. For example:
+- `model` → `LLM_MODEL`
+- `api_key` → `LLM_API_KEY`
+- `base_url` → `LLM_BASE_URL`
+
 <Note>
 For development setups, you can also define custom named LLM configurations. See [Custom LLM Configurations](./llms/custom-llm-configs) for details.
 </Note>
@@ -277,6 +292,11 @@ For development setups, you can also define custom named LLM configurations. See
 
 The agent configuration options are defined in the `[agent]` and `[agent.<agent_name>]` sections of the `config.toml` file.
 
+Agent configuration options can be set as environment variables by prefixing with `AGENT_` and converting to uppercase. For example:
+- `enable_browsing` → `AGENT_ENABLE_BROWSING`
+- `function_calling` → `AGENT_FUNCTION_CALLING`
+- `llm_config` → `AGENT_LLM_CONFIG`
+
 ### LLM Configuration
 - `llm_config`
   - Type: `str`
@@ -328,6 +348,11 @@ The sandbox configuration options are defined in the `[sandbox]` section of the
 
 To use these with the docker command, pass in `-e SANDBOX_<option>`. Example: `-e SANDBOX_TIMEOUT`.
 
+All sandbox configuration options can be set as environment variables by prefixing with `SANDBOX_` and converting to uppercase. For example:
+- `timeout` → `SANDBOX_TIMEOUT`
+- `user_id` → `SANDBOX_USER_ID`
+- `base_container_image` → `SANDBOX_BASE_CONTAINER_IMAGE`
+
 ### Execution
 - `timeout`
   - Type: `int`
@@ -390,6 +415,10 @@ The security configuration options are defined in the `[security]` section of th
 
 To use these with the docker command, pass in `-e SECURITY_<option>`. Example: `-e SECURITY_CONFIRMATION_MODE`.
 
+All security configuration options can be set as environment variables by prefixing with `SECURITY_` and converting to uppercase. For example:
+- `confirmation_mode` → `SECURITY_CONFIRMATION_MODE`
+- `security_analyzer` → `SECURITY_SECURITY_ANALYZER`
+
 ### Confirmation Mode
 - `confirmation_mode`
   - Type: `bool`

docs/usage/environment-variables.mdx

@@ -0,0 +1,251 @@
+---
+title: Environment Variables Reference
+description: Complete reference of all environment variables supported by OpenHands
+---
+
+This page provides a reference of environment variables that can be used to configure OpenHands. Environment variables provide an alternative to TOML configuration files and are particularly useful for containerized deployments, CI/CD pipelines, and cloud environments.
+
+## Environment Variable Naming Convention
+
+OpenHands follows a consistent naming pattern for environment variables:
+
+- **Core settings**: Direct uppercase mapping (e.g., `debug` → `DEBUG`)
+- **LLM settings**: Prefixed with `LLM_` (e.g., `model` → `LLM_MODEL`)
+- **Agent settings**: Prefixed with `AGENT_` (e.g., `enable_browsing` → `AGENT_ENABLE_BROWSING`)
+- **Sandbox settings**: Prefixed with `SANDBOX_` (e.g., `timeout` → `SANDBOX_TIMEOUT`)
+- **Security settings**: Prefixed with `SECURITY_` (e.g., `confirmation_mode` → `SECURITY_CONFIRMATION_MODE`)
+
+## Core Configuration Variables
+
+These variables correspond to the `[core]` section in `config.toml`:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `DEBUG` | boolean | `false` | Enable debug logging throughout the application |
+| `DISABLE_COLOR` | boolean | `false` | Disable colored output in terminal |
+| `CACHE_DIR` | string | `"/tmp/cache"` | Directory path for caching |
+| `SAVE_TRAJECTORY_PATH` | string | `"./trajectories"` | Path to store conversation trajectories |
+| `REPLAY_TRAJECTORY_PATH` | string | `""` | Path to load and replay a trajectory file |
+| `FILE_STORE_PATH` | string | `"/tmp/file_store"` | File store directory path |
+| `FILE_STORE` | string | `"memory"` | File store type (`memory`, `local`, etc.) |
+| `FILE_UPLOADS_MAX_FILE_SIZE_MB` | integer | `0` | Maximum file upload size in MB (0 = no limit) |
+| `FILE_UPLOADS_RESTRICT_FILE_TYPES` | boolean | `false` | Whether to restrict file upload types |
+| `FILE_UPLOADS_ALLOWED_EXTENSIONS` | list | `[".*"]` | List of allowed file extensions for uploads |
+| `MAX_BUDGET_PER_TASK` | float | `0.0` | Maximum budget per task (0.0 = no limit) |
+| `MAX_ITERATIONS` | integer | `100` | Maximum number of iterations per task |
+| `RUNTIME` | string | `"docker"` | Runtime environment (`docker`, `local`, `cli`, etc.) |
+| `DEFAULT_AGENT` | string | `"CodeActAgent"` | Default agent class to use |
+| `JWT_SECRET` | string | auto-generated | JWT secret for authentication |
+| `RUN_AS_OPENHANDS` | boolean | `true` | Whether to run as the openhands user |
+| `VOLUMES` | string | `""` | Volume mounts in format `host:container[:mode]` |
+
+## LLM Configuration Variables
+
+These variables correspond to the `[llm]` section in `config.toml`:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `LLM_MODEL` | string | `"claude-3-5-sonnet-20241022"` | LLM model to use |
+| `LLM_API_KEY` | string | `""` | API key for the LLM provider |
+| `LLM_BASE_URL` | string | `""` | Custom API base URL |
+| `LLM_API_VERSION` | string | `""` | API version to use |
+| `LLM_TEMPERATURE` | float | `0.0` | Sampling temperature |
+| `LLM_TOP_P` | float | `1.0` | Top-p sampling parameter |
+| `LLM_MAX_INPUT_TOKENS` | integer | `0` | Maximum input tokens (0 = no limit) |
+| `LLM_MAX_OUTPUT_TOKENS` | integer | `0` | Maximum output tokens (0 = no limit) |
+| `LLM_MAX_MESSAGE_CHARS` | integer | `30000` | Maximum characters that will be sent to the model in observation content |
+| `LLM_TIMEOUT` | integer | `0` | API timeout in seconds (0 = no timeout) |
+| `LLM_NUM_RETRIES` | integer | `8` | Number of retry attempts |
+| `LLM_RETRY_MIN_WAIT` | integer | `15` | Minimum wait time between retries (seconds) |
+| `LLM_RETRY_MAX_WAIT` | integer | `120` | Maximum wait time between retries (seconds) |
+| `LLM_RETRY_MULTIPLIER` | float | `2.0` | Exponential backoff multiplier |
+| `LLM_DROP_PARAMS` | boolean | `false` | Drop unsupported parameters without error |
+| `LLM_CACHING_PROMPT` | boolean | `true` | Enable prompt caching if supported |
+| `LLM_DISABLE_VISION` | boolean | `false` | Disable vision capabilities for cost reduction |
+| `LLM_CUSTOM_LLM_PROVIDER` | string | `""` | Custom LLM provider name |
+| `LLM_OLLAMA_BASE_URL` | string | `""` | Base URL for Ollama API |
+| `LLM_INPUT_COST_PER_TOKEN` | float | `0.0` | Cost per input token |
+| `LLM_OUTPUT_COST_PER_TOKEN` | float | `0.0` | Cost per output token |
+| `LLM_REASONING_EFFORT` | string | `""` | Reasoning effort for o-series models (`low`, `medium`, `high`) |
+
+### AWS Configuration
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `LLM_AWS_ACCESS_KEY_ID` | string | `""` | AWS access key ID |
+| `LLM_AWS_SECRET_ACCESS_KEY` | string | `""` | AWS secret access key |
+| `LLM_AWS_REGION_NAME` | string | `""` | AWS region name |
+
+## Agent Configuration Variables
+
+These variables correspond to the `[agent]` section in `config.toml`:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `AGENT_LLM_CONFIG` | string | `""` | Name of LLM config group to use |
+| `AGENT_FUNCTION_CALLING` | boolean | `true` | Enable function calling |
+| `AGENT_ENABLE_BROWSING` | boolean | `false` | Enable browsing delegate |
+| `AGENT_ENABLE_LLM_EDITOR` | boolean | `false` | Enable LLM-based editor |
+| `AGENT_ENABLE_JUPYTER` | boolean | `false` | Enable Jupyter integration |
+| `AGENT_ENABLE_HISTORY_TRUNCATION` | boolean | `true` | Enable history truncation |
+| `AGENT_ENABLE_PROMPT_EXTENSIONS` | boolean | `true` | Enable microagents (prompt extensions) |
+| `AGENT_DISABLED_MICROAGENTS` | list | `[]` | List of microagents to disable |
+
+## Sandbox Configuration Variables
+
+These variables correspond to the `[sandbox]` section in `config.toml`:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `SANDBOX_TIMEOUT` | integer | `120` | Sandbox timeout in seconds |
+| `SANDBOX_USER_ID` | integer | `1000` | User ID for sandbox processes |
+| `SANDBOX_BASE_CONTAINER_IMAGE` | string | `"nikolaik/python-nodejs:python3.12-nodejs22"` | Base container image |
+| `SANDBOX_USE_HOST_NETWORK` | boolean | `false` | Use host networking |
+| `SANDBOX_RUNTIME_BINDING_ADDRESS` | string | `"0.0.0.0"` | Runtime binding address |
+| `SANDBOX_ENABLE_AUTO_LINT` | boolean | `false` | Enable automatic linting |
+| `SANDBOX_INITIALIZE_PLUGINS` | boolean | `true` | Initialize sandbox plugins |
+| `SANDBOX_RUNTIME_EXTRA_DEPS` | string | `""` | Extra dependencies to install |
+| `SANDBOX_RUNTIME_STARTUP_ENV_VARS` | dict | `{}` | Environment variables for runtime |
+| `SANDBOX_BROWSERGYM_EVAL_ENV` | string | `""` | BrowserGym evaluation environment |
+| `SANDBOX_VOLUMES` | string | `""` | Volume mounts (replaces deprecated workspace settings) |
+| `SANDBOX_RUNTIME_CONTAINER_IMAGE` | string | `""` | Pre-built runtime container image |
+| `SANDBOX_KEEP_RUNTIME_ALIVE` | boolean | `false` | Keep runtime alive after session ends |
+| `SANDBOX_PAUSE_CLOSED_RUNTIMES` | boolean | `false` | Pause instead of stopping closed runtimes |
+| `SANDBOX_CLOSE_DELAY` | integer | `300` | Delay before closing idle runtimes (seconds) |
+| `SANDBOX_RM_ALL_CONTAINERS` | boolean | `false` | Remove all containers when stopping |
+| `SANDBOX_ENABLE_GPU` | boolean | `false` | Enable GPU support |
+| `SANDBOX_CUDA_VISIBLE_DEVICES` | string | `""` | Specify GPU devices by ID |
+| `SANDBOX_VSCODE_PORT` | integer | auto | Specific port for VSCode server |
+
+### Sandbox Environment Variables
+Variables prefixed with `SANDBOX_ENV_` are passed through to the sandbox environment:
+
+| Environment Variable | Description |
+|---------------------|-------------|
+| `SANDBOX_ENV_*` | Any variable with this prefix is passed to the sandbox (e.g., `SANDBOX_ENV_OPENAI_API_KEY`) |
+
+## Security Configuration Variables
+
+These variables correspond to the `[security]` section in `config.toml`:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `SECURITY_CONFIRMATION_MODE` | boolean | `false` | Enable confirmation mode for actions |
+| `SECURITY_SECURITY_ANALYZER` | string | `"llm"` | Security analyzer to use (`llm`, `invariant`) |
+| `SECURITY_ENABLE_SECURITY_ANALYZER` | boolean | `true` | Enable security analysis |
+
+## Debug and Logging Variables
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `DEBUG` | boolean | `false` | Enable general debug logging |
+| `DEBUG_LLM` | boolean | `false` | Enable LLM-specific debug logging |
+| `DEBUG_RUNTIME` | boolean | `false` | Enable runtime debug logging |
+| `LOG_TO_FILE` | boolean | auto | Log to file (auto-enabled when DEBUG=true) |
+
+## Runtime-Specific Variables
+
+### Docker Runtime
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `SANDBOX_VOLUME_OVERLAYS` | string | `""` | Volume overlay configurations |
+
+### Remote Runtime
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `SANDBOX_API_KEY` | string | `""` | API key for remote runtime |
+| `SANDBOX_REMOTE_RUNTIME_API_URL` | string | `""` | Remote runtime API URL |
+
+### Local Runtime
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `RUNTIME_URL` | string | `""` | Runtime URL for local runtime |
+| `RUNTIME_URL_PATTERN` | string | `""` | Runtime URL pattern |
+| `RUNTIME_ID` | string | `""` | Runtime identifier |
+| `LOCAL_RUNTIME_MODE` | string | `""` | Enable local runtime mode (`1` to enable) |
+
+## Integration Variables
+
+### GitHub Integration
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `GITHUB_TOKEN` | string | `""` | GitHub personal access token |
+
+### Third-Party API Keys
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `OPENAI_API_KEY` | string | `""` | OpenAI API key |
+| `ANTHROPIC_API_KEY` | string | `""` | Anthropic API key |
+| `GOOGLE_API_KEY` | string | `""` | Google API key |
+| `AZURE_API_KEY` | string | `""` | Azure API key |
+| `TAVILY_API_KEY` | string | `""` | Tavily search API key |
+
+## Server Configuration Variables
+
+These are primarily used when running OpenHands as a server:
+
+| Environment Variable | Type | Default | Description |
+|---------------------|------|---------|-------------|
+| `FRONTEND_PORT` | integer | `3000` | Frontend server port |
+| `BACKEND_PORT` | integer | `8000` | Backend server port |
+| `FRONTEND_HOST` | string | `"localhost"` | Frontend host address |
+| `BACKEND_HOST` | string | `"localhost"` | Backend host address |
+| `WEB_HOST` | string | `"localhost"` | Web server host |
+| `SERVE_FRONTEND` | boolean | `true` | Whether to serve frontend |
+
+## Deprecated Variables
+
+These variables are deprecated and should be replaced:
+
+| Environment Variable | Replacement | Description |
+|---------------------|-------------|-------------|
+| `WORKSPACE_BASE` | `SANDBOX_VOLUMES` | Use volume mounting instead |
+| `WORKSPACE_MOUNT_PATH` | `SANDBOX_VOLUMES` | Use volume mounting instead |
+| `WORKSPACE_MOUNT_PATH_IN_SANDBOX` | `SANDBOX_VOLUMES` | Use volume mounting instead |
+| `WORKSPACE_MOUNT_REWRITE` | `SANDBOX_VOLUMES` | Use volume mounting instead |
+
+## Usage Examples
+
+### Basic Setup with OpenAI
+```bash
+export LLM_MODEL="gpt-4o"
+export LLM_API_KEY="your-openai-api-key"
+export DEBUG=true
+```
+
+### Docker Deployment with Custom Volumes
+```bash
+export RUNTIME="docker"
+export SANDBOX_VOLUMES="/host/workspace:/workspace:rw,/host/data:/data:ro"
+export SANDBOX_TIMEOUT=300
+```
+
+### Remote Runtime Configuration
+```bash
+export RUNTIME="remote"
+export SANDBOX_API_KEY="your-remote-api-key"
+export SANDBOX_REMOTE_RUNTIME_API_URL="https://your-runtime-api.com"
+```
+
+### Security-Enhanced Setup
+```bash
+export SECURITY_CONFIRMATION_MODE=true
+export SECURITY_SECURITY_ANALYZER="llm"
+export DEBUG_RUNTIME=true
+```
+
+## Notes
+
+1. **Boolean Values**: Environment variables expecting boolean values accept `true`/`false`, `1`/`0`, or `yes`/`no` (case-insensitive).
+
+2. **List Values**: Lists should be provided as Python literal strings, e.g., `AGENT_DISABLED_MICROAGENTS='["microagent1", "microagent2"]'`.
+
+3. **Dictionary Values**: Dictionaries should be provided as Python literal strings, e.g., `SANDBOX_RUNTIME_STARTUP_ENV_VARS='{"KEY": "value"}'`.
+
+4. **Precedence**: Environment variables take precedence over TOML configuration files.
+
+5. **Docker Usage**: When using Docker, pass environment variables with the `-e` flag:
+   ```bash
+   docker run -e LLM_API_KEY="your-key" -e DEBUG=true openhands/openhands
+   ```
+
+6. **Validation**: Invalid environment variable values will be logged as errors and fall back to defaults.

docs/usage/faqs.mdx

@@ -89,8 +89,7 @@ If you would like to set things up more systematically, you can:
 1. **Search existing issues**: Check our [GitHub issues](https://github.com/All-Hands-AI/OpenHands/issues) to see if
   others have encountered the same problem.
 2. **Join our community**: Get help from other users and developers:
-   - [Slack community](https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA)
-   - [Discord server](https://discord.gg/ESHStjSjD4)
+   - [Slack community](https://dub.sh/openhands)
 3. **Check our troubleshooting guide**: Common issues and solutions are documented in
   [Troubleshooting](/usage/troubleshooting/troubleshooting).
 4. **Report bugs**: If you've found a bug, please [create an issue](https://github.com/All-Hands-AI/OpenHands/issues/new)

docs/usage/how-to/cli-mode.mdx

@@ -105,7 +105,7 @@ The conversation history will be saved in `~/.openhands/sessions`.
 
 1. Set the following environment variables in your terminal:
    - `SANDBOX_VOLUMES` to specify the directory you want OpenHands to access ([See using SANDBOX_VOLUMES for more info](../runtimes/docker#using-sandbox_volumes))
-   - `LLM_MODEL` - the LLM model to use (e.g. `export LLM_MODEL="anthropic/claude-sonnet-4-20250514"`)
+   - `LLM_MODEL` - the LLM model to use (e.g. `export LLM_MODEL="anthropic/claude-sonnet-4-20250514"` or `export LLM_MODEL="anthropic/claude-sonnet-4-5-20250929"`)
    - `LLM_API_KEY` - your API key (e.g. `export LLM_API_KEY="sk_test_12345"`)
 
 2. Run the following command:
@@ -113,7 +113,7 @@ The conversation history will be saved in `~/.openhands/sessions`.
 ```bash
 docker run -it \
     --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
+    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik \
     -e SANDBOX_USER_ID=$(id -u) \
     -e SANDBOX_VOLUMES=$SANDBOX_VOLUMES \
     -e LLM_API_KEY=$LLM_API_KEY \
@@ -122,7 +122,7 @@ docker run -it \
     -v ~/.openhands:/.openhands \
     --add-host host.docker.internal:host-gateway \
     --name openhands-app-$(date +%Y%m%d%H%M%S) \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55 \
+    docker.all-hands.dev/all-hands-ai/openhands:0.58 \
     python -m openhands.cli.entry --override-cli-mode true
 ```
 

docs/usage/how-to/gui-mode.mdx

@@ -85,11 +85,11 @@ You can use the Settings page at any time to:
 
 - Setup the LLM provider and model for OpenHands.
 - [Setup the search engine](/usage/search-engine-setup).
-- [Configure MCP servers](/usage/mcp).
+- [Configure MCP servers](/usage/settings/mcp-settings).
 - [Connect to GitHub](/usage/how-to/gui-mode#github-setup), [connect to GitLab](/usage/how-to/gui-mode#gitlab-setup)
   and [connect to Bitbucket](/usage/how-to/gui-mode#bitbucket-setup).
 - Set application settings like your preferred language, notifications and other preferences.
-- [Manage custom secrets](/usage/common-settings#secrets-management).
+- [Manage custom secrets](/usage/settings/secrets-settings).
 
 #### GitHub Setup
 

docs/usage/how-to/headless-mode.mdx

@@ -52,8 +52,8 @@ Set environment variables and run the Docker command:
 
 ```bash
 # Set required environment variables
-export SANDBOX_VOLUMES="/path/to/workspace"  # See SANDBOX_VOLUMES docs for details
-export LLM_MODEL="anthropic/claude-sonnet-4-20250514"
+export SANDBOX_VOLUMES="/path/to/workspace:/workspace:rw"  # Format: host_path:container_path:mode
+export LLM_MODEL="anthropic/claude-sonnet-4-20250514"  # or "anthropic/claude-sonnet-4-5-20250929"
 export LLM_API_KEY="your-api-key"
 export SANDBOX_SELECTED_REPO="owner/repo-name"  # Optional: requires GITHUB_TOKEN
 export GITHUB_TOKEN="your-token"  # Required for repository operations
@@ -61,7 +61,7 @@ export GITHUB_TOKEN="your-token"  # Required for repository operations
 # Run OpenHands
 docker run -it \
     --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
+    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik \
     -e SANDBOX_USER_ID=$(id -u) \
     -e SANDBOX_VOLUMES=$SANDBOX_VOLUMES \
     -e LLM_API_KEY=$LLM_API_KEY \
@@ -73,7 +73,7 @@ docker run -it \
     -v ~/.openhands:/.openhands \
     --add-host host.docker.internal:host-gateway \
     --name openhands-app-$(date +%Y%m%d%H%M%S) \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55 \
+    docker.all-hands.dev/all-hands-ai/openhands:0.58 \
     python -m openhands.core.main -t "write a bash script that prints hi"
 ```
 

docs/usage/installation.mdx

@@ -4,16 +4,17 @@ description: Running OpenHands Cloud or running on your own.
 icon: rocket
 ---
 
-## OpenHands Cloud
+<Tabs>
+  <Tab title="OpenHands Cloud">
+    The easiest way to get started with OpenHands is on OpenHands Cloud, which comes with $20 in free credits for new users.
 
-The easiest way to get started with OpenHands is on OpenHands Cloud, which comes with $20 in free credits for new users.
+    To get started with OpenHands Cloud, visit [app.all-hands.dev](https://app.all-hands.dev).
 
-To get started with OpenHands Cloud, visit [app.all-hands.dev](https://app.all-hands.dev).
+    For more information see [getting started with OpenHands Cloud.](/usage/cloud/openhands-cloud)
+  </Tab>
+  <Tab title="Running OpenHands on Your Own">
+    Run OpenHands on your local system and bring your own LLM and API key.
 
-For more information see [getting started with OpenHands Cloud.](/usage/cloud/openhands-cloud)
-
-## Running OpenHands on Your Own
-
-Run OpenHands on your local system and bring your own LLM and API key.
-
-For more information see [running OpenHands on your own.](/usage/local-setup)
+    For more information see [running OpenHands on your own.](/usage/local-setup)
+  </Tab>
+</Tabs>

docs/usage/llms/llms.mdx

@@ -18,6 +18,7 @@ Based on these findings and community feedback, these are the latest models that
 ### Cloud / API-Based Models
 
 - [anthropic/claude-sonnet-4-20250514](https://www.anthropic.com/api) (recommended)
+- [anthropic/claude-sonnet-4-5-20250929](https://www.anthropic.com/api) (recommended)
 - [openai/gpt-5-2025-08-07](https://openai.com/api/) (recommended)
 - [gemini/gemini-2.5-pro](https://blog.google/technology/google-deepmind/gemini-model-thinking-updates-march-2025/)
 - [deepseek/deepseek-chat](https://api-docs.deepseek.com/)

docs/usage/llms/local-llms.mdx

@@ -68,23 +68,23 @@ Download and install the LM Studio desktop app from [lmstudio.ai](https://lmstud
 1. Check [the installation guide](/usage/local-setup) and ensure all prerequisites are met before running OpenHands, then run:
 
 ```bash
-docker pull docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik
+docker pull docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik
 
 docker run -it --rm --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
+    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik \
     -e LOG_ALL_EVENTS=true \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v ~/.openhands:/.openhands \
     -p 3000:3000 \
     --add-host host.docker.internal:host-gateway \
     --name openhands-app \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55
+    docker.all-hands.dev/all-hands-ai/openhands:0.58
 ```
 
 2. Wait until the server is running (see log below):
 ```
 Digest: sha256:e72f9baecb458aedb9afc2cd5bc935118d1868719e55d50da73190d3a85c674f
-Status: Image is up to date for docker.all-hands.dev/all-hands-ai/openhands:0.55
+Status: Image is up to date for docker.all-hands.dev/all-hands-ai/openhands:0.58
 Starting OpenHands...
 Running OpenHands as root
 14:22:13 - openhands:INFO: server_config.py:50 - Using config class None
@@ -119,7 +119,7 @@ When started for the first time, OpenHands will prompt you to set up the LLM pro
 
 That's it! You can now start using OpenHands with the local LLM server.
 
-If you encounter any issues, let us know on [Slack](https://join.slack.com/t/openhands-ai/shared_invite/zt-3847of6xi-xuYJIPa6YIPg4ElbDWbtSA) or [Discord](https://discord.gg/ESHStjSjD4).
+If you encounter any issues, let us know on [Slack](https://dub.sh/openhands).
 
 ## Advanced: Alternative LLM Backends
 

docs/usage/llms/openhands-llms.mdx

@@ -15,7 +15,7 @@ description: OpenHands LLM provider with access to state-of-the-art (SOTA) agent
 
 When running OpenHands, you'll need to set the following in the OpenHands UI through the Settings under the `LLM` tab:
 - `LLM Provider` to `OpenHands`
-- `LLM Model` to the model you will be using (e.g. claude-sonnet-4-20250514)
+- `LLM Model` to the model you will be using (e.g. claude-sonnet-4-20250514 or claude-sonnet-4-5-20250929)
 - `API Key` to your OpenHands LLM API key copied from above
 
 ## Using OpenHands LLM Provider in the CLI
@@ -30,6 +30,21 @@ When running OpenHands, you'll need to set the following in the OpenHands UI thr
 
 ## Pricing
 
-Pricing follows official API provider rates. [You can view model prices here.](https://github.com/BerriAI/litellm/blob/main/model_prices_and_context_window.json)
+Pricing follows official API provider rates. Below are the current pricing details for OpenHands models:
 
-For `qwen3-coder-480b`, we charge the cheapest FP8 rate available on openrouter: \$0.4 per million input tokens and \$1.6 per million output tokens.
+| Model | Input Cost (per 1M tokens) | Cached Input Cost (per 1M tokens) | Output Cost (per 1M tokens) | Max Input Tokens | Max Output Tokens |
+|-------|----------------------------|-----------------------------------|------------------------------|------------------|-------------------|
+| claude-opus-4-20250514 | $15.00 | $1.50 | $75.00 | 200,000 | 32,000 |
+| claude-sonnet-4-20250514 | $3.00 | $0.30 | $15.00 | 200,000 | 64,000 |
+| claude-sonnet-4-5-20250929 | $3.00 | $0.30 | $15.00 | 200,000 | 64,000 |
+| devstral-medium-2507 | $0.40 | N/A | $2.00 | 128,000 | 128,000 |
+| devstral-small-2505 | $0.10 | N/A | $0.30 | 128,000 | 128,000 |
+| devstral-small-2507 | $0.10 | N/A | $0.30 | 128,000 | 128,000 |
+| gemini-2.5-pro | $1.25 | $0.31 | $10.00 | 1,048,576 | 65,535 |
+| gpt-5-2025-08-07 | $1.25 | $0.125 | $10.00 | 400,000 | 128,000 |
+| gpt-5-mini-2025-08-07 | $0.25 | $0.025 | $2.00 | 400,000 | 128,000 |
+| o3 | $2.00 | $0.50 | $8.00 | 200,000 | 100,000 |
+| o4-mini | $1.10 | $0.28 | $4.40 | 200,000 | 100,000 |
+| qwen3-coder-480b | $0.40 | N/A | $1.60 | N/A | N/A |
+
+**Note:** Cached input tokens are charged at a reduced rate when the same content is reused across requests. Models that don't support prompt caching show "N/A" for cached input cost.

docs/usage/local-setup.mdx

@@ -116,17 +116,17 @@ Note that you'll still need `uv` installed for the default MCP servers to work p
 <Accordion title="Docker Command (Click to expand)">
 
 ```bash
-docker pull docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik
+docker pull docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik
 
 docker run -it --rm --pull=always \
-    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.55-nikolaik \
+    -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.all-hands.dev/all-hands-ai/runtime:0.58-nikolaik \
     -e LOG_ALL_EVENTS=true \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v ~/.openhands:/.openhands \
     -p 3000:3000 \
     --add-host host.docker.internal:host-gateway \
     --name openhands-app \
-    docker.all-hands.dev/all-hands-ai/openhands:0.55
+    docker.all-hands.dev/all-hands-ai/openhands:0.58
 ```
 
 </Accordion>

docs/usage/mcp.mdx

@@ -1,196 +0,0 @@
----
-title: Model Context Protocol (MCP)
-description: This page outlines how to configure and use the Model Context Protocol (MCP) in OpenHands, allowing you
-  to extend the agent's capabilities with custom tools.
----
-
-## Overview
-
-Model Context Protocol (MCP) is a mechanism that allows OpenHands to communicate with external tool servers. These
-servers can provide additional functionality to the agent, such as specialized data processing, external API access,
-or custom tools. MCP is based on the open standard defined at [modelcontextprotocol.io](https://modelcontextprotocol.io).
-
-
-<Note>
-MCP is currently not available on OpenHands Cloud. This feature is only available when running OpenHands locally.
-</Note>
-
-### How MCP Works
-
-When OpenHands starts, it:
-
-1. Reads the MCP configuration.
-2. Connects to any configured SSE and SHTTP servers.
-3. Starts any configured stdio servers.
-4. Registers the tools provided by these servers with the agent.
-
-The agent can then use these tools just like any built-in tool. When the agent calls an MCP tool:
-
-1. OpenHands routes the call to the appropriate MCP server.
-2. The server processes the request and returns a response.
-3. OpenHands converts the response to an observation and presents it to the agent.
-
-## Configuration
-
-MCP configuration can be defined in:
-* The OpenHands UI through the Settings under the `MCP` tab.
-* The `config.toml` file under the `[mcp]` section if not using the UI.
-
-### Configuration Examples
-
-#### Recommended: Using Proxy Servers (SSE/HTTP)
-
-For stdio-based MCP servers, we recommend using MCP proxy tools like [`supergateway`](https://github.com/supercorp-ai/supergateway) instead of direct stdio connections.
-[SuperGateway](https://github.com/supercorp-ai/supergateway) is a popular MCP proxy that converts stdio MCP servers to HTTP/SSE endpoints:
-
-Start the proxy servers separately:
-```bash
-# Terminal 1: Filesystem server proxy
-supergateway --stdio "npx @modelcontextprotocol/server-filesystem /" --port 8080
-
-# Terminal 2: Fetch server proxy
-supergateway --stdio "uvx mcp-server-fetch" --port 8081
-```
-
-Then configure OpenHands to use the HTTP endpoint:
-
-```toml
-[mcp]
-# SSE Servers - Recommended approach using proxy tools
-sse_servers = [
-    # Basic SSE server with just a URL
-    "http://example.com:8080/mcp",
-
-    # SuperGateway proxy for fetch server
-    "http://localhost:8081/sse",
-
-    # External MCP service with authentication
-    {url="https://api.example.com/mcp/sse", api_key="your-api-key"}
-]
-```
-
-
-
-#### Alternative: Direct Stdio Servers (Not Recommended for Production)
-
-```toml
-[mcp]
-# Direct stdio servers - use only for development/testing
-stdio_servers = [
-    # Basic stdio server
-    {name="fetch", command="uvx", args=["mcp-server-fetch"]},
-
-    # Stdio server with environment variables
-    {
-        name="filesystem",
-        command="npx",
-        args=["@modelcontextprotocol/server-filesystem", "/"],
-        env={
-            "DEBUG": "true"
-        }
-    }
-]
-```
-
-## Configuration Options
-
-### SSE Servers
-
-SSE servers are configured using either a string URL or an object with the following properties:
-
-- `url` (required)
-  - Type: `str`
-  - Description: The URL of the SSE server
-
-- `api_key` (optional)
-  - Type: `str`
-  - Description: API key for authentication
-
-### SHTTP Servers
-
-SHTTP (Streamable HTTP) servers are configured using either a string URL or an object with the following properties:
-
-- `url` (required)
-  - Type: `str`
-  - Description: The URL of the SHTTP server
-
-- `api_key` (optional)
-  - Type: `str`
-  - Description: API key for authentication
-
-### Stdio Servers
-
-**Note**: While stdio servers are supported, we recommend using MCP proxies (see above) for better reliability and performance.
-
-Stdio servers are configured using an object with the following properties:
-
-- `name` (required)
-  - Type: `str`
-  - Description: A unique name for the server
-
-- `command` (required)
-  - Type: `str`
-  - Description: The command to run the server
-
-- `args` (optional)
-  - Type: `list of str`
-  - Default: `[]`
-  - Description: Command-line arguments to pass to the server
-
-- `env` (optional)
-  - Type: `dict of str to str`
-  - Default: `{}`
-  - Description: Environment variables to set for the server process
-
-
-#### When to Use Direct Stdio
-
-Direct stdio connections may still be appropriate in these scenarios:
-- **Development and testing**: Quick prototyping of MCP servers
-- **Simple, single-use tools**: Tools that don't require high reliability or concurrent access
-- **Local-only environments**: When you don't want to manage additional proxy processes
-
-For production use, we recommend using proxy tools like SuperGateway.
-
-### Other Proxy Tools
-
-Other options include:
-
-- **Custom FastAPI/Express servers**: Build your own HTTP wrapper around stdio MCP servers
-- **Docker-based proxies**: Containerized solutions for better isolation
-- **Cloud-hosted MCP services**: Third-party services that provide MCP endpoints
-
-### Troubleshooting MCP Connections
-
-#### Common Issues with Stdio Servers
-- **Process crashes**: Stdio processes may crash without proper error handling
-- **Deadlocks**: Stdio communication can deadlock under high load
-- **Resource leaks**: Zombie processes if not properly managed
-- **Debugging difficulty**: Hard to inspect stdio communication
-
-#### Benefits of Using Proxies
-- **HTTP status codes**: Clear error reporting via standard HTTP responses
-- **Request logging**: Easy to log and monitor HTTP requests
-- **Load balancing**: Can distribute requests across multiple server instances
-- **Health checks**: HTTP endpoints can provide health status
-- **CORS support**: Better integration with web-based tools
-
-## Transport Protocols
-
-OpenHands supports three different MCP transport protocols:
-
-### Server-Sent Events (SSE)
-SSE is a legacy HTTP-based transport that uses Server-Sent Events for server-to-client communication and HTTP POST requests for client-to-server communication. This transport is suitable for basic streaming scenarios but has limitations in session management and connection resumability.
-
-### Streamable HTTP (SHTTP)
-SHTTP is the modern HTTP-based transport protocol that provides enhanced features over SSE:
-
-- **Improved Session Management**: Supports stateful sessions with session IDs for maintaining context across requests
-- **Connection Resumability**: Can resume broken connections and replay missed messages using event IDs
-- **Bidirectional Communication**: Uses HTTP POST for client-to-server and optional SSE streams for server-to-client communication
-- **Better Error Handling**: Enhanced error reporting and recovery mechanisms
-
-SHTTP is the recommended transport for HTTP-based MCP servers as it provides better reliability and features compared to the legacy SSE transport.
-
-### Standard Input/Output (stdio)
-Stdio transport enables communication through standard input and output streams, making it ideal for local integrations and command-line tools. This transport is used for locally executed MCP servers that run as separate processes.

docs/usage/settings/mcp-settings.mdx

@@ -0,0 +1,194 @@
+---
+title: Model Context Protocol (MCP)
+description: This page outlines how to configure and use the Model Context Protocol (MCP) in OpenHands, allowing you
+  to extend the agent's capabilities with custom tools.
+---
+
+## Overview
+
+Model Context Protocol (MCP) is a mechanism that allows OpenHands to communicate with external tool servers. These
+servers can provide additional functionality to the agent, such as specialized data processing, external API access,
+or custom tools. MCP is based on the open standard defined at [modelcontextprotocol.io](https://modelcontextprotocol.io).
+
+## Supported MCPs
+
+OpenHands supports the following MCP transport protocols:
+
+* [Server-Sent Events (SSE)](https://modelcontextprotocol.io/specification/2024-11-05/basic/transports#http-with-sse)
+* [Streamable HTTP (SHTTP)](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#streamable-http)
+* [Standard Input/Output (stdio)](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#stdio)
+
+## How MCP Works
+
+When OpenHands starts, it:
+
+1. Reads the MCP configuration.
+2. Connects to any configured SSE and SHTTP servers.
+3. Starts any configured stdio servers.
+4. Registers the tools provided by these servers with the agent.
+
+The agent can then use these tools just like any built-in tool. When the agent calls an MCP tool:
+
+1. OpenHands routes the call to the appropriate MCP server.
+2. The server processes the request and returns a response.
+3. OpenHands converts the response to an observation and presents it to the agent.
+
+## Configuration
+
+MCP configuration can be defined in:
+* The OpenHands UI in the `Settings > MCP` page.
+* The `config.toml` file under the `[mcp]` section if not using the UI.
+
+### Configuration Options
+
+<Tabs>
+  <Tab title="SSE Servers">
+    SSE servers are configured using either a string URL or an object with the following properties:
+
+    - `url` (required)
+      - Type: `str`
+      - Description: The URL of the SSE server.
+
+    - `api_key` (optional)
+      - Type: `str`
+      - Description: API key for authentication.
+  </Tab>
+  <Tab title="SHTTP Servers">
+    SHTTP (Streamable HTTP) servers are configured using either a string URL or an object with the following properties:
+
+  - `url` (required)
+    - Type: `str`
+    - Description: The URL of the SHTTP server.
+
+  - `api_key` (optional)
+    - Type: `str`
+    - Description: API key for authentication.
+
+  - `timeout` (optional)
+    - Type: `int`
+    - Default: `60`
+    - Range: `1-3600` seconds (1 hour maximum)
+    - Description: Timeout in seconds for tool execution. This prevents tool calls from hanging indefinitely.
+    - **Use Cases:**
+      - **Short timeout (1-30s)**: For lightweight operations like status checks or simple queries.
+      - **Medium timeout (30-300s)**: For standard processing tasks like data analysis or API calls.
+      - **Long timeout (300-3600s)**: For heavy operations like file processing, complex calculations, or batch operations.
+    <Note>
+      This timeout only applies to individual tool calls, not server connection establishment.
+    </Note>
+  </Tab>
+  <Tab title="Stdio Servers">
+    <Note>
+      While stdio servers are supported, [we recommend using MCP proxies](/usage/settings/mcp-settings#configuration-examples) for
+      better reliability and performance.
+    </Note>
+
+    Stdio servers are configured using an object with the following properties:
+
+    - `name` (required)
+      - Type: `str`
+      - Description: A unique name for the server.
+
+    - `command` (required)
+      - Type: `str`
+      - Description: The command to run the server.
+
+    - `args` (optional)
+      - Type: `list of str`
+      - Default: `[]`
+      - Description: Command-line arguments to pass to the server.
+
+    - `env` (optional)
+      - Type: `dict of str to str`
+      - Default: `{}`
+      - Description: Environment variables to set for the server process.
+  </Tab>
+</Tabs>
+
+#### When to Use Direct Stdio
+
+Direct stdio connections may still be appropriate in these scenarios:
+- **Development and testing**: Quick prototyping of MCP servers.
+- **Simple, single-use tools**: Tools that don't require high reliability or concurrent access.
+- **Local-only environments**: When you don't want to manage additional proxy processes.
+
+### Configuration Examples
+
+<Tabs>
+  <Tab title="Proxy Servers (SSE/HTTP) - Recommended">
+    For stdio-based MCP servers, we recommend using MCP proxy tools like
+    [`supergateway`](https://github.com/supercorp-ai/supergateway) instead of direct stdio connections.
+    [SuperGateway](https://github.com/supercorp-ai/supergateway) is a popular MCP proxy that converts stdio MCP servers to
+    HTTP/SSE endpoints.
+
+    Start the proxy servers separately:
+    ```bash
+    # Terminal 1: Filesystem server proxy
+    supergateway --stdio "npx @modelcontextprotocol/server-filesystem /" --port 8080
+
+    # Terminal 2: Fetch server proxy
+    supergateway --stdio "uvx mcp-server-fetch" --port 8081
+    ```
+
+    Then configure OpenHands to use the HTTP endpoint:
+
+    ```toml
+    [mcp]
+    # SSE Servers - Recommended approach using proxy tools
+    sse_servers = [
+        # Basic SSE server with just a URL
+        "http://example.com:8080/mcp",
+
+        # SuperGateway proxy for fetch server
+        "http://localhost:8081/sse",
+
+        # External MCP service with authentication
+        {url="https://api.example.com/mcp/sse", api_key="your-api-key"}
+    ]
+
+    # SHTTP Servers - Modern streamable HTTP transport (recommended)
+    shttp_servers = [
+        # Basic SHTTP server with default 60s timeout
+        "https://api.example.com/mcp/shttp",
+
+        # Server with custom timeout for heavy operations
+        {
+            url = "https://files.example.com/mcp/shttp",
+            api_key = "your-api-key",
+            timeout = 1800  # 30 minutes for large file processing
+        }
+    ]
+    ```
+  </Tab>
+  <Tab title="Direct Stdio Servers">
+    <Note>
+      This setup is not Recommended for production.
+    </Note>
+    ```toml
+    [mcp]
+    # Direct stdio servers - use only for development/testing
+    stdio_servers = [
+        # Basic stdio server
+        {name="fetch", command="uvx", args=["mcp-server-fetch"]},
+
+        # Stdio server with environment variables
+        {
+            name="filesystem",
+            command="npx",
+            args=["@modelcontextprotocol/server-filesystem", "/"],
+            env={
+                "DEBUG": "true"
+            }
+        }
+    ]
+    ```
+
+    For production use, we recommend using proxy tools like SuperGateway.
+  </Tab>
+</Tabs>
+
+Other options include:
+
+- **Custom FastAPI/Express servers**: Build your own HTTP wrapper around stdio MCP servers.
+- **Docker-based proxies**: Containerized solutions for better isolation.
+- **Cloud-hosted MCP services**: Third-party services that provide MCP endpoints.

docs/usage/settings/secrets-settings.mdx

@@ -1,28 +1,19 @@
 ---
-title: OpenHands Settings
-description: Overview of some of the settings available in OpenHands.
+title: Secrets Management
+description: How to manage secrets in OpenHands.
 ---
 
-## Openhands Cloud vs Running on Your Own
-
-There are some differences between the settings available in OpenHands Cloud and those available when running OpenHands
-on your own:
-* [OpenHands Cloud settings](/usage/cloud/cloud-ui#settings)
-* [Settings available when running on your own](/usage/how-to/gui-mode#settings)
-
-Refer to these pages for more detailed information.
-
-## Secrets Management
+## Overview
 
 OpenHands provides a secrets manager that allows you to securely store and manage sensitive information that can be
 accessed by the agent during runtime, such as API keys. These secrets are automatically exported as environment
 variables in the agent's runtime environment.
 
-### Accessing the Secrets Manager
+## Accessing the Secrets Manager
 
-In the Settings page, navigate to the `Secrets` tab. Here, you'll see a list of all your existing custom secrets.
+Navigate to the `Settings > Secrets` page. Here, you'll see a list of all your existing custom secrets.
 
-### Adding a New Secret
+## Adding a New Secret
 1. Click `Add a new secret`.
 2. Fill in the following fields:
    - **Name**: A unique identifier for your secret (e.g., `AWS_ACCESS_KEY`). This will be the environment variable name.
@@ -30,7 +21,7 @@ In the Settings page, navigate to the `Secrets` tab. Here, you'll see a list of
    - **Description** (optional): A brief description of what the secret is used for, which is also provided to the agent.
 3. Click `Add secret` to save.
 
-### Editing a Secret
+## Editing a Secret
 
 1. Click the `Edit` button next to the secret you want to modify.
 2. You can update the name and description of the secret.
@@ -39,14 +30,13 @@ In the Settings page, navigate to the `Secrets` tab. Here, you'll see a list of
   value, delete the secret and create a new one.
 </Note>
 
-### Deleting a Secret
+## Deleting a Secret
 
 1. Click the `Delete` button next to the secret you want to remove.
 2. Select `Confirm` to delete the secret.
 
-### Using Secrets in the Agent
+## Using Secrets in the Agent
  - All custom secrets are automatically exported as environment variables in the agent's runtime environment.
- - You can access them in your code using standard environment variable access methods
-   (e.g., `os.environ['SECRET_NAME']` in Python).
- - Example: If you create a secret named `OPENAI_API_KEY`, you can access it in your code as
-   `process.env.OPENAI_API_KEY` in JavaScript or `os.environ['OPENAI_API_KEY']` in Python.
+ - You can access them in your code using standard environment variable access methods. For example, if you create a
+  secret named `OPENAI_API_KEY`, you can access it in your code as `process.env.OPENAI_API_KEY` in JavaScript or
+  `os.environ['OPENAI_API_KEY']` in Python.

enterprise/Dockerfile

@@ -7,14 +7,28 @@ LABEL com.datadoghq.tags.service="deploy"
 LABEL com.datadoghq.tags.env="${DD_ENV}"
 
 # Install Node.js v20+ and npm (which includes npx)
+# Apply security updates to fix CVEs
 RUN apt-get update && \
     apt-get install -y curl && \
     curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
     apt-get install -y nodejs && \
     apt-get install -y jq gettext && \
-    apt-get clean
+    # Apply security updates for packages with available fixes
+    apt-get upgrade -y \
+        libc-bin \
+        libc6 \
+        libgnutls30 \
+        libsqlite3-0 \
+        perl-base && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
-RUN pip install alembic psycopg2-binary cloud-sql-python-connector pg8000 gspread stripe python-keycloak asyncpg sqlalchemy[asyncio] resend tenacity slack-sdk ddtrace posthog "limits==5.2.0" coredis prometheus-client shap scikit-learn pandas numpy
+# Install Python packages with security fixes
+RUN pip install alembic psycopg2-binary cloud-sql-python-connector pg8000 gspread stripe python-keycloak asyncpg sqlalchemy[asyncio] resend tenacity slack-sdk ddtrace "posthog>=6.0.0" "limits==5.2.0" coredis prometheus-client shap scikit-learn pandas numpy && \
+    # Update packages with known CVE fixes
+    pip install --upgrade \
+        "mcp>=1.10.0" \
+        "pillow>=11.3.0"
 
 WORKDIR /app
 COPY enterprise .

enterprise/dev_config/python/.pre-commit-config.yaml

@@ -46,7 +46,8 @@ repos:
           - types-toml
           - types-redis
           - lxml
-          # TODO: Add OpenHands in parent
+          # OpenHands package in repo root
+          - ./
           - stripe==11.5.0
           - pygithub==2.6.1
         # To see gaps add `--html-report mypy-report/`

enterprise/dev_config/python/mypy.ini

@@ -7,15 +7,11 @@ warn_unreachable = True
 warn_redundant_casts = True
 no_implicit_optional = True
 strict_optional = True
-exclude = (^enterprise/migrations/.*|^openhands/.*)
+disable_error_code = type-abstract
+exclude = (^enterprise/migrations/.*)
 
 [mypy-enterprise.tests.unit.test_auth_routes.*]
 disable_error_code = union-attr
 
 [mypy-enterprise.sync.install_gitlab_webhooks.*]
 disable_error_code = redundant-cast
-
-# Let the other config check base openhands packages
-[mypy-openhands.*]
-follow_imports = skip
-ignore_missing_imports = True

enterprise/experiments/experiment_manager.py

@@ -2,7 +2,6 @@ from experiments.constants import (
     ENABLE_EXPERIMENT_MANAGER,
 )
 from experiments.experiment_versions import (
-    handle_claude4_vs_gpt5_experiment,
     handle_condenser_max_step_experiment,
     handle_system_prompt_experiment,
 )
@@ -10,11 +9,14 @@ from experiments.experiment_versions import (
 from openhands.core.config.openhands_config import OpenHandsConfig
 from openhands.core.logger import openhands_logger as logger
 from openhands.experiments.experiment_manager import ExperimentManager
+from openhands.server.session.conversation_init_data import ConversationInitData
 
 
 class SaaSExperimentManager(ExperimentManager):
     @staticmethod
-    def run_conversation_variant_test(user_id, conversation_id, conversation_settings):
+    def run_conversation_variant_test(
+        user_id, conversation_id, conversation_settings
+    ) -> ConversationInitData:
         """
         Run conversation variant test and potentially modify the conversation settings
         based on the PostHog feature flags.
@@ -41,9 +43,6 @@ class SaaSExperimentManager(ExperimentManager):
             return conversation_settings
 
         # Apply conversation-scoped experiments
-        conversation_settings = handle_claude4_vs_gpt5_experiment(
-            user_id, conversation_id, conversation_settings
-        )
         conversation_settings = handle_condenser_max_step_experiment(
             user_id, conversation_id, conversation_settings
         )
@@ -52,8 +51,8 @@ class SaaSExperimentManager(ExperimentManager):
 
     @staticmethod
     def run_config_variant_test(
-        user_id: str, conversation_id: str, config: OpenHandsConfig
-    ):
+        user_id: str | None, conversation_id: str, config: OpenHandsConfig
+    ) -> OpenHandsConfig:
         """
         Run agent config variant test and potentially modify the OpenHands config
         based on the current experiment type and PostHog feature flags.

enterprise/experiments/experiment_versions/_003_llm_claude4_vs_gpt5_experiment.py

@@ -14,9 +14,10 @@ from server.constants import (
 from storage.experiment_assignment_store import ExperimentAssignmentStore
 
 from openhands.core.logger import openhands_logger as logger
+from openhands.server.session.conversation_init_data import ConversationInitData
 
 
-def _get_model_variant(user_id, conversation_id) -> str | None:
+def _get_model_variant(user_id: str | None, conversation_id: str) -> str | None:
     if not EXPERIMENT_CLAUDE4_VS_GPT5:
         logger.info(
             'experiment_manager:ab_testing:skipped',
@@ -104,7 +105,11 @@ def _get_model_variant(user_id, conversation_id) -> str | None:
     return enabled_variant
 
 
-def handle_claude4_vs_gpt5_experiment(user_id, conversation_id, conversation_settings):
+def handle_claude4_vs_gpt5_experiment(
+    user_id: str | None,
+    conversation_id: str,
+    conversation_settings: ConversationInitData,
+) -> ConversationInitData:
     """
     Handle the LiteLLM model experiment.
 
@@ -120,7 +125,7 @@ def handle_claude4_vs_gpt5_experiment(user_id, conversation_id, conversation_set
     enabled_variant = _get_model_variant(user_id, conversation_id)
 
     if not enabled_variant:
-        return None
+        return conversation_settings
 
     # Set the model based on the feature flag variant
     if enabled_variant == 'gpt5':

enterprise/experiments/experiment_versions/_004_condenser_max_step_experiment.py

@@ -11,6 +11,7 @@ from server.constants import IS_FEATURE_ENV
 from storage.experiment_assignment_store import ExperimentAssignmentStore
 
 from openhands.core.logger import openhands_logger as logger
+from openhands.server.session.conversation_init_data import ConversationInitData
 
 
 def _get_condenser_max_step_variant(user_id, conversation_id):
@@ -114,8 +115,10 @@ def _get_condenser_max_step_variant(user_id, conversation_id):
 
 
 def handle_condenser_max_step_experiment(
-    user_id: str, conversation_id: str, conversation_settings
-):
+    user_id: str | None,
+    conversation_id: str,
+    conversation_settings: ConversationInitData,
+) -> ConversationInitData:
     """
     Handle the condenser max step experiment for conversation settings.
 

enterprise/integrations/github/data_collector.py

@@ -390,24 +390,24 @@ class GitHubDataCollector:
         merged_by = None
         merge_commit_sha = None
         if is_merged:
-            merged_by = pr_data.get('mergedBy', {}).get('login')
-            merge_commit_sha = pr_data.get('mergeCommit', {}).get('oid')
+            merged_by = (pr_data.get('mergedBy') or {}).get('login')
+            merge_commit_sha = (pr_data.get('mergeCommit') or {}).get('oid')
 
         return {
             'repo_metadata': self._extract_repo_metadata(repo_data),
             'pr_metadata': {
-                'username': pr_data.get('author', {}).get('login'),
-                'number': pr_data['number'],
-                'title': pr_data['title'],
-                'body': pr_data['body'],
+                'username': (pr_data.get('author') or {}).get('login'),
+                'number': pr_data.get('number'),
+                'title': pr_data.get('title'),
+                'body': pr_data.get('body'),
                 'comments': pr_comments,
             },
             'commits': commits,
             'review_comments': review_comments,
             'merge_status': {
-                'merged': pr_data['merged'],
+                'merged': pr_data.get('merged'),
                 'merged_by': merged_by,
-                'state': pr_data['state'],
+                'state': pr_data.get('state'),
                 'merge_commit_sha': merge_commit_sha,
             },
             'openhands_stats': {

enterprise/integrations/gitlab/gitlab_manager.py

@@ -62,7 +62,13 @@ class GitlabManager(Manager):
             logger.warning(f'Got invalid keyloak user id for GitLab User {user_id}')
             return False
 
-        gitlab_service = GitLabServiceImpl(external_auth_id=keycloak_user_id)
+        # Importing here prevents circular import
+        from integrations.gitlab.gitlab_service import SaaSGitLabService
+
+        gitlab_service: SaaSGitLabService = GitLabServiceImpl(
+            external_auth_id=keycloak_user_id
+        )
+
         return await gitlab_service.user_has_write_access(project_id)
 
     async def receive_message(self, message: Message):
@@ -119,7 +125,13 @@ class GitlabManager(Manager):
             gitlab_view: The GitLab view object containing issue/PR/comment info
         """
         keycloak_user_id = gitlab_view.user_info.keycloak_user_id
-        gitlab_service = GitLabServiceImpl(external_auth_id=keycloak_user_id)
+
+        # Importing here prevents circular import
+        from integrations.gitlab.gitlab_service import SaaSGitLabService
+
+        gitlab_service: SaaSGitLabService = GitLabServiceImpl(
+            external_auth_id=keycloak_user_id
+        )
 
         outgoing_message = message.message
 

enterprise/integrations/gitlab/gitlab_view.py

@@ -47,14 +47,14 @@ class GitlabIssue(ResolverViewInterface):
         )
 
         self.previous_comments = await gitlab_service.get_issue_or_mr_comments(
-            self.project_id, self.issue_number, is_mr=self.is_mr
+            str(self.project_id), self.issue_number, is_mr=self.is_mr
         )
 
         (
             self.title,
             self.description,
         ) = await gitlab_service.get_issue_or_mr_title_and_body(
-            self.project_id, self.issue_number, is_mr=self.is_mr
+            str(self.project_id), self.issue_number, is_mr=self.is_mr
         )
 
     async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
@@ -199,11 +199,11 @@ class GitlabInlineMRComment(GitlabMRComment):
             self.title,
             self.description,
         ) = await gitlab_service.get_issue_or_mr_title_and_body(
-            self.project_id, self.issue_number, is_mr=self.is_mr
+            str(self.project_id), self.issue_number, is_mr=self.is_mr
         )
 
         self.previous_comments = await gitlab_service.get_review_thread_comments(
-            self.project_id, self.issue_number, self.discussion_id
+            str(self.project_id), self.issue_number, self.discussion_id
         )
 
     async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:

enterprise/integrations/utils.py

@@ -172,6 +172,17 @@ def get_summary_for_agent_state(
 
         return f'OpenHands encountered an error: **{reason}**.\n\n[See the conversation]({conversation_link}) for more information.'
 
+    if state == AgentState.AWAITING_USER_INPUT:
+        logger.info(
+            'Agent is awaiting user input',
+            extra={
+                'agent_state': state.value,
+                'conversation_link': conversation_link,
+                'observation_reason': getattr(observation, 'reason', None),
+            },
+        )
+        return f'OpenHands is waiting for your input. [Continue the conversation]({conversation_link}) to provide additional instructions.'
+
     # Log unknown agent state as error
     logger.error(
         'Unknown error: Unhandled agent state',

enterprise/migrations/versions/075_add_cancellation_fields_to_subscription_access.py

@@ -0,0 +1,50 @@
+"""add cancellation fields to subscription_access
+
+Revision ID: 075
+Revises: 074
+Create Date: 2025-01-11
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = '075'
+down_revision: Union[str, None] = '074'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # Add cancelled_at field to track cancellation timestamp
+    op.add_column(
+        'subscription_access',
+        sa.Column('cancelled_at', sa.DateTime(timezone=True), nullable=True),
+    )
+
+    # Add stripe_subscription_id field to enable cancellation via Stripe API
+    op.add_column(
+        'subscription_access',
+        sa.Column('stripe_subscription_id', sa.String(), nullable=True),
+    )
+
+    # Create index on stripe_subscription_id for efficient lookups
+    op.create_index(
+        'ix_subscription_access_stripe_subscription_id',
+        'subscription_access',
+        ['stripe_subscription_id'],
+    )
+
+
+def downgrade() -> None:
+    # Drop index
+    op.drop_index(
+        'ix_subscription_access_stripe_subscription_id', 'subscription_access'
+    )
+
+    # Drop columns
+    op.drop_column('subscription_access', 'stripe_subscription_id')
+    op.drop_column('subscription_access', 'cancelled_at')

enterprise/poetry.lock

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand.
 
 [[package]]
 name = "aiofiles"
@@ -766,7 +766,7 @@ version = "1.17.1"
 description = "Foreign Function Interface for Python calling C code."
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
+groups = ["main", "test"]
 files = [
     {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
     {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
@@ -836,6 +836,7 @@ files = [
     {file = "cffi-1.17.1-cp39-cp39-win_amd64.whl", hash = "sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662"},
     {file = "cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824"},
 ]
+markers = {test = "platform_python_implementation == \"CPython\" and sys_platform == \"win32\""}
 
 [package.dependencies]
 pycparser = "*"
@@ -1060,7 +1061,7 @@ files = [
     {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
     {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]
-markers = {main = "platform_system == \"Windows\" or os_name == \"nt\" or sys_platform == \"win32\"", dev = "os_name == \"nt\"", test = "platform_system == \"Windows\" or sys_platform == \"win32\""}
+markers = {main = "platform_system == \"Windows\" or sys_platform == \"win32\" or os_name == \"nt\"", dev = "os_name == \"nt\"", test = "platform_system == \"Windows\" or sys_platform == \"win32\""}
 
 [[package]]
 name = "comm"
@@ -1426,73 +1427,73 @@ yaml = ["pyyaml (>=6.0.1)"]
 
 [[package]]
 name = "ddtrace"
-version = "3.12.4"
+version = "3.13.0"
 description = "Datadog APM client library"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "ddtrace-3.12.4-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:222dc483f22a065795f473cad6fc6e798ecf9da9f4fc99ca87f1ba70f34d21b1"},
-    {file = "ddtrace-3.12.4-cp310-cp310-macosx_12_0_x86_64.whl", hash = "sha256:196f114a70b75320876f6861c10435c6d4ea50e0f406328b0862a021c344d002"},
-    {file = "ddtrace-3.12.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4200e8b057b29ce3ba0889a9d423e4d105b0ba35d4bd58ba2670763018909623"},
-    {file = "ddtrace-3.12.4-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7fc1449d511e04e8b2596eee6d1ad2d3420dff23f6dfd8a899c5e3e03dfe8ba5"},
-    {file = "ddtrace-3.12.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2ebae69206957837341cd94bbe78e5242395f7571455dfe911b56ea2f7404ada"},
-    {file = "ddtrace-3.12.4-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:a08cd25234358a2427494d4059ee12afc83e083bad65f2bd62417fd935caa737"},
-    {file = "ddtrace-3.12.4-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:fbe90ff2c914c753116807ddffde9065ecbf9944bdc4932862c3f5835485004d"},
-    {file = "ddtrace-3.12.4-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:1b3be9452bc76f730203b86272f8312c7e195b3125f964900df3f41c39ec0c94"},
-    {file = "ddtrace-3.12.4-cp310-cp310-win32.whl", hash = "sha256:b331bc0c3000cea1fd70febcf004b5a617c63b9050094f08100891a23638986d"},
-    {file = "ddtrace-3.12.4-cp310-cp310-win_amd64.whl", hash = "sha256:018d19e2a1e7585df65d938ae51c385d673e8001b66827a47e499ade3b227ad2"},
-    {file = "ddtrace-3.12.4-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:0de9563bad27007fd64059e3b5bb3a791184e39619fdb096044e68a454b4427b"},
-    {file = "ddtrace-3.12.4-cp311-cp311-macosx_12_0_x86_64.whl", hash = "sha256:d0c5b84d066ca3d60da9636df526382416dae4288f66fcdaca7a2e765ca2f0bd"},
-    {file = "ddtrace-3.12.4-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ff1812b1d7e8344088a978f1d4f621257fe1ad5d8efc07317a3c90c280e5bdc4"},
-    {file = "ddtrace-3.12.4-cp311-cp311-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:dd0ac6ba50d36689bf0eeadc88ce91b60bc863036f3dea90dd5656f39bce3ac4"},
-    {file = "ddtrace-3.12.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b8f99761f946b2b7cc2ea4cba821a7a94d05a9eb8cd8a3feabdb49eeacc18bb9"},
-    {file = "ddtrace-3.12.4-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:c4f66c48eca7d6759766fcaf24ac3a65e712e62ae7b1f521a7da2b8d7f101849"},
-    {file = "ddtrace-3.12.4-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:42d46f17baaa5040e4f438544603033af8eeec32067c3712a9e620392d75f484"},
-    {file = "ddtrace-3.12.4-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:aa0606a07e7d05881f2ef1172f4175733ae3006bfc3c7cfd58b82ea3ed75c914"},
-    {file = "ddtrace-3.12.4-cp311-cp311-win32.whl", hash = "sha256:efde4b33502f3897993a564ee56d0ea30a65d658d616d16c5ef23c850d0e3417"},
-    {file = "ddtrace-3.12.4-cp311-cp311-win_amd64.whl", hash = "sha256:7d6117fabcd98d3a696d1f80314c9b9e4325b362b31714551efd729a02152ff1"},
-    {file = "ddtrace-3.12.4-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:734d782d9f64de378f632516554b9da0dfbf54cf1bb7be4bb1085165e7c052ad"},
-    {file = "ddtrace-3.12.4-cp312-cp312-macosx_12_0_x86_64.whl", hash = "sha256:fbf2543856b4ed5a1d6ac59c82f8c76cef5f4ef65361d59f60ce01db92a4c8d1"},
-    {file = "ddtrace-3.12.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:751ce0410405113286bd558fd402f8a58f5b455cee4deb467ae9ae87e5713547"},
-    {file = "ddtrace-3.12.4-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fd804c06d62926cc18a354987f7d5c1fecd1da30983041d3f98bc402d9d23713"},
-    {file = "ddtrace-3.12.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e55b911d5b9f1bd73731870962809f9089677f4d3736d52587b4ba76eee56962"},
-    {file = "ddtrace-3.12.4-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:1e8cc90fdcd7f021d06383b88c0e40726706c06088dddd528e31cf3c65a9fea9"},
-    {file = "ddtrace-3.12.4-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:585b7b26f03c64390c800e180304639b4226c34c533f16bc6cd9c328ee4f727a"},
-    {file = "ddtrace-3.12.4-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fe967af58f2e0033caa977c512a4bfb7af3c6f5ad57e9bdef9241609a4d8a99b"},
-    {file = "ddtrace-3.12.4-cp312-cp312-win32.whl", hash = "sha256:fe03b8f513513e28c35bc792cd7ef0602b21cbcfe71d17a2dd962aee23e980d9"},
-    {file = "ddtrace-3.12.4-cp312-cp312-win_amd64.whl", hash = "sha256:9fd79c44ecffb36ac5b3168f0f196778ed0dd538beb07961ce10e06b8045af35"},
-    {file = "ddtrace-3.12.4-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:2edf755f4bfd823ce8b560c233cb17137ef79d097bc1ade7914f684b39011bcb"},
-    {file = "ddtrace-3.12.4-cp313-cp313-macosx_12_0_x86_64.whl", hash = "sha256:6dad7ca193810beb931e81b7430dd074a53bf8f8bd5bdc19acd198d460b2438a"},
-    {file = "ddtrace-3.12.4-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9de7aa6b6ea3d41f8f20c5e00dd85b2f2b3bb1591f3b7deab5d4c527620c3cb3"},
-    {file = "ddtrace-3.12.4-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:80e0acbbe85365f113bf6e57f77a82f0e0612a7a4cb57f16e9e184748a2bc478"},
-    {file = "ddtrace-3.12.4-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:46de7dd48256d8e347f2ab436644bd8946d3605caedb150eb46327a9f5b005b6"},
-    {file = "ddtrace-3.12.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4d5c9ddacecb0072292360813b453129998ca293e13c542fa51771c7734ef03a"},
-    {file = "ddtrace-3.12.4-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:d0b694838e6c7ea2da6de7ccd7b866ec439c49fa40b68ac46f657163cb571d93"},
-    {file = "ddtrace-3.12.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:e89a17cdb4b5442b97a219e8522b9c665cf7a5116f7e97049dd145f837bad5b1"},
-    {file = "ddtrace-3.12.4-cp313-cp313-win32.whl", hash = "sha256:d0b3ec8228950e7ff68c39537630cd12880656d96461ef021d6484b2df8dba84"},
-    {file = "ddtrace-3.12.4-cp313-cp313-win_amd64.whl", hash = "sha256:fad78414731b242e86016a124299f2f41575ccf58444edca777b425dbd9faf0c"},
-    {file = "ddtrace-3.12.4-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:9f639f70f1689ec1a1049cd64132491ee09bcfe7609d73f8c220e38261611045"},
-    {file = "ddtrace-3.12.4-cp38-cp38-macosx_12_0_x86_64.whl", hash = "sha256:6b5b150e9d362f7242159dd5a5a7107f1be091282c0ee69301fb7ede60f28d3c"},
-    {file = "ddtrace-3.12.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:eda3b6ebd275f7f7272f45f4e8ee0e0720c1e217c80140270f8c5e415e11133e"},
-    {file = "ddtrace-3.12.4-cp38-cp38-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fe644904b44d39a93eb40fb033aef26a03e4096d135ee844b71ed49d1bd647ad"},
-    {file = "ddtrace-3.12.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:62a48fc36308919afb1fae22a268a96cff3448f1feb860db97d130498ddfa428"},
-    {file = "ddtrace-3.12.4-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:77de49365f55033d7e14b544f92d0cae71969b78c4ab8642c3340124e0200739"},
-    {file = "ddtrace-3.12.4-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:87fbd5126f8339bcb508a52455f58b0c92870a1c3748849a4d6543198b5f8752"},
-    {file = "ddtrace-3.12.4-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:5845d7c2ed46b44e02bd5d36ca7f8e80a4e942683473c867393b9fd4553f9d64"},
-    {file = "ddtrace-3.12.4-cp38-cp38-win32.whl", hash = "sha256:ebde5af8c5d98f435d7dec960c97151142a4b302e94c20da79ed58fe8a08052e"},
-    {file = "ddtrace-3.12.4-cp38-cp38-win_amd64.whl", hash = "sha256:18dfe9a1a02bfa4ef4f614122135509f454abeff625039b764bc461462ba0923"},
-    {file = "ddtrace-3.12.4-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:e78957120c64bd56ce5592bc10587d7c0d1ca68f21f5b46f6a18dafbc43ad234"},
-    {file = "ddtrace-3.12.4-cp39-cp39-macosx_12_0_x86_64.whl", hash = "sha256:3936243dc989b8e8e3bb004262abe68a1cc3e0b9356671c01233b84d2c837903"},
-    {file = "ddtrace-3.12.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ed76d10787fc288ea94808ce601df243fc3953c7142baefac446015bed799790"},
-    {file = "ddtrace-3.12.4-cp39-cp39-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0c1d3f7f93146653f8ed06d8cd54030b2c902ceca6de55f6df7f40d23037181e"},
-    {file = "ddtrace-3.12.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f5ab24c82fc7532386b02530f90fed2964718cea296adf6d35fc31bd30d301d"},
-    {file = "ddtrace-3.12.4-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:30bd9e57923a99d5b4e6562976e9f7307d685caff1544b3d2f7438e6ef8e87e8"},
-    {file = "ddtrace-3.12.4-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:3bf18fd5898940fb7f236b4c9796f0ee517eb755fd0c17965d3a0342f865ee5a"},
-    {file = "ddtrace-3.12.4-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:8ff1c70da37c05a29f0be091b0fdc6bb1d91d448f56861c51df614649441070c"},
-    {file = "ddtrace-3.12.4-cp39-cp39-win32.whl", hash = "sha256:66c007170698e3d12638d03e80f02e93c3bb3e55e96a7f5517e638056562ec1a"},
-    {file = "ddtrace-3.12.4-cp39-cp39-win_amd64.whl", hash = "sha256:a4f2dabbc95e5c6bf4c43eb141e94021789c81a929588f4000f876f89882c124"},
-    {file = "ddtrace-3.12.4.tar.gz", hash = "sha256:c422977fc4f6e9ba7d4eef9b7e6ce00f8b81c68b034682c6a63eb5c9670e37d8"},
+    {file = "ddtrace-3.13.0-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:12122a8e7089ab40cad2cd6bb51834859aa0a27babf3256a73630e6ee2315455"},
+    {file = "ddtrace-3.13.0-cp310-cp310-macosx_12_0_x86_64.whl", hash = "sha256:02fab2c444b87f290850b3d750e17ccdf49ace3baf8ff3305e8147f6fdf0dc50"},
+    {file = "ddtrace-3.13.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:a003ffa4649dab4971d3557ce2d85eb2c5d335ebc7152196cbf780171fd4b5e1"},
+    {file = "ddtrace-3.13.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:52b2458b6f0f4725156d46c6cb5410f98568a61cc890bb270515c9caad3a522d"},
+    {file = "ddtrace-3.13.0-cp310-cp310-manylinux_2_28_i686.whl", hash = "sha256:9160222e476e18af95ef687bd548f8e86b3815896bf7cd1d42a9b43005e058e2"},
+    {file = "ddtrace-3.13.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:464e245c2114c722ad4240b73b1c598f83cc1c7bdc9001aec3083f914c1cacc0"},
+    {file = "ddtrace-3.13.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:21901a58e938dbeba0ca6c49b8ba1480d07eea5b057845ae4ff3a706d833137f"},
+    {file = "ddtrace-3.13.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:40e00faced483a3eac0b499cf191a38fbf8bb060a3872029ee3299871f87bdd9"},
+    {file = "ddtrace-3.13.0-cp310-cp310-win32.whl", hash = "sha256:d15593cb804d74094df1a71167a70136b7616579259ce2b26279f2762354e709"},
+    {file = "ddtrace-3.13.0-cp310-cp310-win_amd64.whl", hash = "sha256:5de44e7c595d25745665fa1cc44c0f0b4c7ad79be06d0de74f6e0edb2c8ec351"},
+    {file = "ddtrace-3.13.0-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:68c38ac75cc3668e9284873f5e84c3e104880d68c3891ed13614e0614c46f5b0"},
+    {file = "ddtrace-3.13.0-cp311-cp311-macosx_12_0_x86_64.whl", hash = "sha256:6d8811c4b7397384aff7e54b7399647f4c1c0e9167792cb45adb2d3553fc20a2"},
+    {file = "ddtrace-3.13.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:029b6e6c50984b1976c6b0970e60184919dab9514441d08683a50a5d52a05326"},
+    {file = "ddtrace-3.13.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:8de2a060400ee89422ecfd3269dfd2e113f4f9dae00f6fcd3ed9e53e2223a26a"},
+    {file = "ddtrace-3.13.0-cp311-cp311-manylinux_2_28_i686.whl", hash = "sha256:bb0738048ea0e49e6bec9be2bf5c68a24d7ea3b27bf956147378366aacb4ca4b"},
+    {file = "ddtrace-3.13.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:04cf4776c52cfb19914bf6e84242d110197d15426c34e45b14fa63d9085767d5"},
+    {file = "ddtrace-3.13.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:6c32774e90593ebb264d53d6523b71243b9ba794ae5689e38ad522afddd06c0b"},
+    {file = "ddtrace-3.13.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:a01f99b0287c2bbd8b305e0cb54b382eaf2a0fe89ba82f2f68fcbdd9fed040cd"},
+    {file = "ddtrace-3.13.0-cp311-cp311-win32.whl", hash = "sha256:b37efa3e7b487bd60e6fb89186d98c1ad1727871074f3519c9ca92feea7e5cd0"},
+    {file = "ddtrace-3.13.0-cp311-cp311-win_amd64.whl", hash = "sha256:112e4d96f02f94247528b65f046c69d360d6eca75b9e7cd2f95fde1c14e2002e"},
+    {file = "ddtrace-3.13.0-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:13ac5bc306df5719d00a8b1f6925efbb9dd0ba5e121edcc2acfef24c57b3deb5"},
+    {file = "ddtrace-3.13.0-cp312-cp312-macosx_12_0_x86_64.whl", hash = "sha256:b3bdfc3cabab85f91a4f24264a2d0f6f74984a5b5994c62072c6e3b5e05320f3"},
+    {file = "ddtrace-3.13.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:11b10f8dfadb4b1372aee820be6c22071138ede2ddb32f73486255d5879b283f"},
+    {file = "ddtrace-3.13.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:a3d68007602797f280c971a286c3f05bdff66c12a68a3e0bd67cb5bbc1c4a67a"},
+    {file = "ddtrace-3.13.0-cp312-cp312-manylinux_2_28_i686.whl", hash = "sha256:abd00a5b83d85a951dd976a59c8673bedacdc1ea9e6acb8e72545f73bddc7879"},
+    {file = "ddtrace-3.13.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:5dbe392b2182e6dd617e946cf41da7e3207387b912809ebe8338b794b08750b2"},
+    {file = "ddtrace-3.13.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:6b38b4ad9e3f1b3421022587748f6a687ed722eae16033392fc875b5c67d6c5a"},
+    {file = "ddtrace-3.13.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:f38a1545495c8db3318621400a3d407db457e3550a397e39cf883f41919e1dc8"},
+    {file = "ddtrace-3.13.0-cp312-cp312-win32.whl", hash = "sha256:e01bb1b305b777001d310911bd73d1fd88c9c212258caaf65f1422a0dbef1a3b"},
+    {file = "ddtrace-3.13.0-cp312-cp312-win_amd64.whl", hash = "sha256:8dbb9aa23a36599754932e79df28eb07fdd3aaca515297bf58dfcdac608273da"},
+    {file = "ddtrace-3.13.0-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:397a68e476d8bd9aa14f8c097bc9014510948e76a0110842ab6f5fa1143ad153"},
+    {file = "ddtrace-3.13.0-cp313-cp313-macosx_12_0_x86_64.whl", hash = "sha256:fab1b06476169e2cf6a098130c44eeb3d9d8205b5a91ae8afdb7d2b4d2d0b0be"},
+    {file = "ddtrace-3.13.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:653f75c3e838366108464f9555120f61ef0589974f346ed2c2c9cb3001d3fc6a"},
+    {file = "ddtrace-3.13.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:80f694c3d3984c9bd3bd7818268be7ece02071c67671c6d8c815e6888ae4e78c"},
+    {file = "ddtrace-3.13.0-cp313-cp313-manylinux_2_28_i686.whl", hash = "sha256:be16f9c0583767db13403e78ac7ac7b4c103e8b7eaac6deef7c897408f24b940"},
+    {file = "ddtrace-3.13.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c5490a715fbb70ee03840c6a3146c76d7bfa27d5b679ce4c1a7b368eff7dee9f"},
+    {file = "ddtrace-3.13.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:45235a81c828e2d6bdb4ac1bbe55582c190bc27e8820eeae5c0478ea11f1ed81"},
+    {file = "ddtrace-3.13.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:7a9374a8cf405169a9eab7791cc94d5dc5753eefe806b5bee9909eef3d5e339d"},
+    {file = "ddtrace-3.13.0-cp313-cp313-win32.whl", hash = "sha256:6bc1648a1c046e6061e29d94d2003c17820cc3a7f1c24322dab654abe9bb30db"},
+    {file = "ddtrace-3.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:8823e95f69dd3fc8a884d092fdc54a3c3078daf0f90e824fceda7e0f26acbc70"},
+    {file = "ddtrace-3.13.0-cp38-cp38-macosx_12_0_arm64.whl", hash = "sha256:338932a8511a815d5198ec09d55f6850fcb9c679a1b50a3a28fdc0ff99bd800a"},
+    {file = "ddtrace-3.13.0-cp38-cp38-macosx_12_0_x86_64.whl", hash = "sha256:c14fe68cfc1c11b9d560a3026e3e5dcdd59b725b6ce79cda66d23a26b37751e6"},
+    {file = "ddtrace-3.13.0-cp38-cp38-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:3fd70631f5c70ccafde14df98a9f807e537222f13d6f03fa08bf1308eaf89301"},
+    {file = "ddtrace-3.13.0-cp38-cp38-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:09c71f464afb05d7f1a2758112f4feaf2bca39daa22a6c3f75999227eb40e2ec"},
+    {file = "ddtrace-3.13.0-cp38-cp38-manylinux_2_28_i686.whl", hash = "sha256:481b13365e3cf100bf35f305bd0680695fa369e67a9ec4e1b41788df62ac1d0b"},
+    {file = "ddtrace-3.13.0-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:0d99ebbef96f406e0436bd21a92354c3c338fc6a8fe85d0a26fe942bc563b721"},
+    {file = "ddtrace-3.13.0-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:28086003f1c5ce3e84239eea9d624afcc386b38f2115c3438ea49beff84ff861"},
+    {file = "ddtrace-3.13.0-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:f280e80560f5c953bb16b168bed1b6f7d527ef98f81860422500040ee57a7aba"},
+    {file = "ddtrace-3.13.0-cp38-cp38-win32.whl", hash = "sha256:82f0b76c83e368c686594f42809d727143ee89a879d1a76cde9f75d4cea07cb4"},
+    {file = "ddtrace-3.13.0-cp38-cp38-win_amd64.whl", hash = "sha256:dd7b3a9933b11b2fce4dd4cb34ee465bc3c87024444a2e6a5a653f424bae8e37"},
+    {file = "ddtrace-3.13.0-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:c1ce2123615e4618050ec7fc96e296283f23c45eddcf3a2fe94386f7513795a4"},
+    {file = "ddtrace-3.13.0-cp39-cp39-macosx_12_0_x86_64.whl", hash = "sha256:9dae3459edd5cc7a1124596b524b743b1d2bddf4155ca9679c599740ad71546d"},
+    {file = "ddtrace-3.13.0-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:8d36d0cf84a39b29f88dcb06a20fc3f2c7a9eca8eb1fd5d15bc5a51de095962c"},
+    {file = "ddtrace-3.13.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d4a55277a3db32fee06030fd0dbf77c2e867541c3e4b65e68e46b03971401173"},
+    {file = "ddtrace-3.13.0-cp39-cp39-manylinux_2_28_i686.whl", hash = "sha256:cb97593d9739f0be6647e19edc6fc6998dfba3e78fb9d2df5fef9ebfb117aa85"},
+    {file = "ddtrace-3.13.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:f905e5bb2db4c154fca25ded15c3e1d633951db2d6ed2989f630ee3afd589cc0"},
+    {file = "ddtrace-3.13.0-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:de3ecc6428330117ef063ef6a90326669a9a4cf3e766674228ec384edca52bb1"},
+    {file = "ddtrace-3.13.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:eec340ef5152e971dc6ab075945dfa7c41285f8441bea0a78f5f4cd1f6b9aab6"},
+    {file = "ddtrace-3.13.0-cp39-cp39-win32.whl", hash = "sha256:8c2831f928393f934bfe9f9b5f0eeb22a0f5c88fbebe32cc5106b24409847d6b"},
+    {file = "ddtrace-3.13.0-cp39-cp39-win_amd64.whl", hash = "sha256:e04f4c41e7216422e9cd101bee70a823f56dddb8333158e1e72b73332e1a311d"},
+    {file = "ddtrace-3.13.0.tar.gz", hash = "sha256:d7d3d82795d29cf2385aa692ee5c65e469ebfa34469941055af66eae2eefa374"},
 ]
 
 [package.dependencies]
@@ -1901,25 +1902,25 @@ files = [
 
 [[package]]
 name = "fastapi"
-version = "0.116.1"
+version = "0.117.1"
 description = "FastAPI framework, high performance, easy to learn, fast to code, ready for production"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "fastapi-0.116.1-py3-none-any.whl", hash = "sha256:c46ac7c312df840f0c9e220f7964bada936781bc4e2e6eb71f1c4d7553786565"},
-    {file = "fastapi-0.116.1.tar.gz", hash = "sha256:ed52cbf946abfd70c5a0dccb24673f0670deeb517a88b3544d03c2a6bf283143"},
+    {file = "fastapi-0.117.1-py3-none-any.whl", hash = "sha256:33c51a0d21cab2b9722d4e56dbb9316f3687155be6b276191790d8da03507552"},
+    {file = "fastapi-0.117.1.tar.gz", hash = "sha256:fb2d42082d22b185f904ca0ecad2e195b851030bd6c5e4c032d1c981240c631a"},
 ]
 
 [package.dependencies]
 pydantic = ">=1.7.4,<1.8 || >1.8,<1.8.1 || >1.8.1,<2.0.0 || >2.0.0,<2.0.1 || >2.0.1,<2.1.0 || >2.1.0,<3.0.0"
-starlette = ">=0.40.0,<0.48.0"
+starlette = ">=0.40.0,<0.49.0"
 typing-extensions = ">=4.8.0"
 
 [package.extras]
-all = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "httpx (>=0.23.0)", "itsdangerous (>=1.1.0)", "jinja2 (>=3.1.5)", "orjson (>=3.2.1)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "pyyaml (>=5.3.1)", "ujson (>=4.0.1,!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0)", "uvicorn[standard] (>=0.12.0)"]
-standard = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "httpx (>=0.23.0)", "jinja2 (>=3.1.5)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"]
-standard-no-fastapi-cloud-cli = ["email-validator (>=2.0.0)", "fastapi-cli[standard-no-fastapi-cloud-cli] (>=0.0.8)", "httpx (>=0.23.0)", "jinja2 (>=3.1.5)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"]
+all = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "httpx (>=0.23.0,<1.0.0)", "itsdangerous (>=1.1.0)", "jinja2 (>=3.1.5)", "orjson (>=3.2.1)", "pydantic-extra-types (>=2.0.0)", "pydantic-settings (>=2.0.0)", "python-multipart (>=0.0.18)", "pyyaml (>=5.3.1)", "ujson (>=4.0.1,!=4.0.2,!=4.1.0,!=4.2.0,!=4.3.0,!=5.0.0,!=5.1.0)", "uvicorn[standard] (>=0.12.0)"]
+standard = ["email-validator (>=2.0.0)", "fastapi-cli[standard] (>=0.0.8)", "httpx (>=0.23.0,<1.0.0)", "jinja2 (>=3.1.5)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"]
+standard-no-fastapi-cloud-cli = ["email-validator (>=2.0.0)", "fastapi-cli[standard-no-fastapi-cloud-cli] (>=0.0.8)", "httpx (>=0.23.0,<1.0.0)", "jinja2 (>=3.1.5)", "python-multipart (>=0.0.18)", "uvicorn[standard] (>=0.12.0)"]
 
 [[package]]
 name = "fastjsonschema"
@@ -1989,6 +1990,7 @@ files = [
     {file = "fastuuid-0.12.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b9b31dd488d0778c36f8279b306dc92a42f16904cba54acca71e107d65b60b0c"},
     {file = "fastuuid-0.12.0-cp313-cp313-manylinux_2_34_x86_64.whl", hash = "sha256:b19361ee649365eefc717ec08005972d3d1eb9ee39908022d98e3bfa9da59e37"},
     {file = "fastuuid-0.12.0-cp313-cp313-win_amd64.whl", hash = "sha256:8fc66b11423e6f3e1937385f655bedd67aebe56a3dcec0cb835351cfe7d358c9"},
+    {file = "fastuuid-0.12.0-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:2925f67b88d47cb16aa3eb1ab20fdcf21b94d74490e0818c91ea41434b987493"},
     {file = "fastuuid-0.12.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7b15c54d300279ab20a9cc0579ada9c9f80d1bc92997fc61fb7bf3103d7cb26b"},
     {file = "fastuuid-0.12.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:458f1bc3ebbd76fdb89ad83e6b81ccd3b2a99fa6707cd3650b27606745cfb170"},
     {file = "fastuuid-0.12.0-cp38-cp38-manylinux_2_34_x86_64.whl", hash = "sha256:a8f0f83fbba6dc44271a11b22e15838641b8c45612cdf541b4822a5930f6893c"},
@@ -2291,6 +2293,72 @@ test-downstream = ["aiobotocore (>=2.5.4,<3.0.0)", "dask[dataframe,test]", "moto
 test-full = ["adlfs", "aiohttp (!=4.0.0a0,!=4.0.0a1)", "cloudpickle", "dask", "distributed", "dropbox", "dropboxdrivefs", "fastparquet", "fusepy", "gcsfs", "jinja2", "kerchunk", "libarchive-c", "lz4", "notebook", "numpy", "ocifs", "pandas", "panel", "paramiko", "pyarrow", "pyarrow (>=1)", "pyftpdlib", "pygit2", "pytest", "pytest-asyncio (!=0.22.0)", "pytest-benchmark", "pytest-cov", "pytest-mock", "pytest-recording", "pytest-rerunfailures", "python-snappy", "requests", "smbprotocol", "tqdm", "urllib3", "zarr", "zstandard ; python_version < \"3.14\""]
 tqdm = ["tqdm"]
 
+[[package]]
+name = "gevent"
+version = "25.9.1"
+description = "Coroutine-based network library"
+optional = false
+python-versions = ">=3.9"
+groups = ["test"]
+files = [
+    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:856b990be5590e44c3a3dc6c8d48a40eaccbb42e99d2b791d11d1e7711a4297e"},
+    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:fe1599d0b30e6093eb3213551751b24feeb43db79f07e89d98dd2f3330c9063e"},
+    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:f0d8b64057b4bf1529b9ef9bd2259495747fba93d1f836c77bfeaacfec373fd0"},
+    {file = "gevent-25.9.1-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b56cbc820e3136ba52cd690bdf77e47a4c239964d5f80dc657c1068e0fe9521c"},
+    {file = "gevent-25.9.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:c5fa9ce5122c085983e33e0dc058f81f5264cebe746de5c401654ab96dddfca8"},
+    {file = "gevent-25.9.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:03c74fec58eda4b4edc043311fca8ba4f8744ad1632eb0a41d5ec25413581975"},
+    {file = "gevent-25.9.1-cp310-cp310-win_amd64.whl", hash = "sha256:a8ae9f895e8651d10b0a8328a61c9c53da11ea51b666388aa99b0ce90f9fdc27"},
+    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:18e5aff9e8342dc954adb9c9c524db56c2f3557999463445ba3d9cbe3dada7b7"},
+    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:1cdf6db28f050ee103441caa8b0448ace545364f775059d5e2de089da975c457"},
+    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:812debe235a8295be3b2a63b136c2474241fa5c58af55e6a0f8cfc29d4936235"},
+    {file = "gevent-25.9.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b28b61ff9216a3d73fe8f35669eefcafa957f143ac534faf77e8a19eb9e6883a"},
+    {file = "gevent-25.9.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:5e4b6278b37373306fc6b1e5f0f1cf56339a1377f67c35972775143d8d7776ff"},
+    {file = "gevent-25.9.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:d99f0cb2ce43c2e8305bf75bee61a8bde06619d21b9d0316ea190fc7a0620a56"},
+    {file = "gevent-25.9.1-cp311-cp311-win_amd64.whl", hash = "sha256:72152517ecf548e2f838c61b4be76637d99279dbaa7e01b3924df040aa996586"},
+    {file = "gevent-25.9.1-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:46b188248c84ffdec18a686fcac5dbb32365d76912e14fda350db5dc0bfd4f86"},
+    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:f2b54ea3ca6f0c763281cd3f96010ac7e98c2e267feb1221b5a26e2ca0b9a692"},
+    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:7a834804ac00ed8a92a69d3826342c677be651b1c3cd66cc35df8bc711057aa2"},
+    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:323a27192ec4da6b22a9e51c3d9d896ff20bc53fdc9e45e56eaab76d1c39dd74"},
+    {file = "gevent-25.9.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6ea78b39a2c51d47ff0f130f4c755a9a4bbb2dd9721149420ad4712743911a51"},
+    {file = "gevent-25.9.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:dc45cd3e1cc07514a419960af932a62eb8515552ed004e56755e4bf20bad30c5"},
+    {file = "gevent-25.9.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:34e01e50c71eaf67e92c186ee0196a039d6e4f4b35670396baed4a2d8f1b347f"},
+    {file = "gevent-25.9.1-cp312-cp312-win_amd64.whl", hash = "sha256:4acd6bcd5feabf22c7c5174bd3b9535ee9f088d2bbce789f740ad8d6554b18f3"},
+    {file = "gevent-25.9.1-cp313-cp313-macosx_11_0_universal2.whl", hash = "sha256:4f84591d13845ee31c13f44bdf6bd6c3dbf385b5af98b2f25ec328213775f2ed"},
+    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:9cdbb24c276a2d0110ad5c978e49daf620b153719ac8a548ce1250a7eb1b9245"},
+    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:88b6c07169468af631dcf0fdd3658f9246d6822cc51461d43f7c44f28b0abb82"},
+    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:b7bb0e29a7b3e6ca9bed2394aa820244069982c36dc30b70eb1004dd67851a48"},
+    {file = "gevent-25.9.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2951bb070c0ee37b632ac9134e4fdaad70d2e660c931bb792983a0837fe5b7d7"},
+    {file = "gevent-25.9.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e4e17c2d57e9a42e25f2a73d297b22b60b2470a74be5a515b36c984e1a246d47"},
+    {file = "gevent-25.9.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:8d94936f8f8b23d9de2251798fcb603b84f083fdf0d7f427183c1828fb64f117"},
+    {file = "gevent-25.9.1-cp313-cp313-win_amd64.whl", hash = "sha256:eb51c5f9537b07da673258b4832f6635014fee31690c3f0944d34741b69f92fa"},
+    {file = "gevent-25.9.1-cp314-cp314-macosx_11_0_universal2.whl", hash = "sha256:1a3fe4ea1c312dbf6b375b416925036fe79a40054e6bf6248ee46526ea628be1"},
+    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0adb937f13e5fb90cca2edf66d8d7e99d62a299687400ce2edee3f3504009356"},
+    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:427f869a2050a4202d93cf7fd6ab5cffb06d3e9113c10c967b6e2a0d45237cb8"},
+    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:c049880175e8c93124188f9d926af0a62826a3b81aa6d3074928345f8238279e"},
+    {file = "gevent-25.9.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:b5a67a0974ad9f24721034d1e008856111e0535f1541499f72a733a73d658d1c"},
+    {file = "gevent-25.9.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:1d0f5d8d73f97e24ea8d24d8be0f51e0cf7c54b8021c1fddb580bf239474690f"},
+    {file = "gevent-25.9.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:ddd3ff26e5c4240d3fbf5516c2d9d5f2a998ef87cfb73e1429cfaeaaec860fa6"},
+    {file = "gevent-25.9.1-cp314-cp314-win_amd64.whl", hash = "sha256:bb63c0d6cb9950cc94036a4995b9cc4667b8915366613449236970f4394f94d7"},
+    {file = "gevent-25.9.1-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f18f80aef6b1f6907219affe15b36677904f7cfeed1f6a6bc198616e507ae2d7"},
+    {file = "gevent-25.9.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:b274a53e818124a281540ebb4e7a2c524778f745b7a99b01bdecf0ca3ac0ddb0"},
+    {file = "gevent-25.9.1-cp39-cp39-win32.whl", hash = "sha256:c6c91f7e33c7f01237755884316110ee7ea076f5bdb9aa0982b6dc63243c0a38"},
+    {file = "gevent-25.9.1-cp39-cp39-win_amd64.whl", hash = "sha256:012a44b0121f3d7c800740ff80351c897e85e76a7e4764690f35c5ad9ec17de5"},
+    {file = "gevent-25.9.1.tar.gz", hash = "sha256:adf9cd552de44a4e6754c51ff2e78d9193b7fa6eab123db9578a210e657235dd"},
+]
+
+[package.dependencies]
+cffi = {version = ">=1.17.1", markers = "platform_python_implementation == \"CPython\" and sys_platform == \"win32\""}
+greenlet = {version = ">=3.2.2", markers = "platform_python_implementation == \"CPython\""}
+"zope.event" = "*"
+"zope.interface" = "*"
+
+[package.extras]
+dnspython = ["dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\""]
+docs = ["furo", "repoze.sphinx.autointerface", "sphinx", "sphinxcontrib-programoutput", "zope.schema"]
+monitor = ["psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\""]
+recommended = ["cffi (>=1.17.1) ; platform_python_implementation == \"CPython\"", "dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\"", "psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\""]
+test = ["cffi (>=1.17.1) ; platform_python_implementation == \"CPython\"", "coverage (>=5.0) ; sys_platform != \"win32\"", "dnspython (>=1.16.0,<2.0) ; python_version < \"3.10\"", "idna ; python_version < \"3.10\"", "objgraph", "psutil (>=5.7.0) ; sys_platform != \"win32\" or platform_python_implementation == \"CPython\"", "requests"]
+
 [[package]]
 name = "gitdb"
 version = "4.0.12"
@@ -2325,27 +2393,6 @@ gitdb = ">=4.0.1,<5"
 doc = ["sphinx (>=7.1.2,<7.2)", "sphinx-autodoc-typehints", "sphinx_rtd_theme"]
 test = ["coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock ; python_version < \"3.8\"", "mypy", "pre-commit", "pytest (>=7.3.1)", "pytest-cov", "pytest-instafail", "pytest-mock", "pytest-sugar", "typing-extensions ; python_version < \"3.11\""]
 
-[[package]]
-name = "google-ai-generativelanguage"
-version = "0.6.15"
-description = "Google Ai Generativelanguage API client library"
-optional = false
-python-versions = ">=3.7"
-groups = ["main"]
-files = [
-    {file = "google_ai_generativelanguage-0.6.15-py3-none-any.whl", hash = "sha256:5a03ef86377aa184ffef3662ca28f19eeee158733e45d7947982eb953c6ebb6c"},
-    {file = "google_ai_generativelanguage-0.6.15.tar.gz", hash = "sha256:8f6d9dc4c12b065fe2d0289026171acea5183ebf2d0b11cefe12f3821e159ec3"},
-]
-
-[package.dependencies]
-google-api-core = {version = ">=1.34.1,<2.0.dev0 || >=2.11.dev0,<3.0.0dev", extras = ["grpc"]}
-google-auth = ">=2.14.1,<2.24.0 || >2.24.0,<2.25.0 || >2.25.0,<3.0.0dev"
-proto-plus = [
-    {version = ">=1.25.0,<2.0.0dev", markers = "python_version >= \"3.13\""},
-    {version = ">=1.22.3,<2.0.0dev"},
-]
-protobuf = ">=3.20.2,<4.21.0 || >4.21.0,<4.21.1 || >4.21.1,<4.21.2 || >4.21.2,<4.21.3 || >4.21.3,<4.21.4 || >4.21.4,<4.21.5 || >4.21.5,<6.0.0dev"
-
 [[package]]
 name = "google-api-core"
 version = "2.25.1"
@@ -2684,30 +2731,6 @@ websockets = ">=13.0.0,<15.1.0"
 [package.extras]
 aiohttp = ["aiohttp (<4.0.0)"]
 
-[[package]]
-name = "google-generativeai"
-version = "0.8.5"
-description = "Google Generative AI High level API client library and tools."
-optional = false
-python-versions = ">=3.9"
-groups = ["main"]
-files = [
-    {file = "google_generativeai-0.8.5-py3-none-any.whl", hash = "sha256:22b420817fb263f8ed520b33285f45976d5b21e904da32b80d4fd20c055123a2"},
-]
-
-[package.dependencies]
-google-ai-generativelanguage = "0.6.15"
-google-api-core = "*"
-google-api-python-client = "*"
-google-auth = ">=2.15.0"
-protobuf = "*"
-pydantic = "*"
-tqdm = "*"
-typing-extensions = "*"
-
-[package.extras]
-dev = ["Pillow", "absl-py", "black", "ipython", "nose2", "pandas", "pytype", "pyyaml"]
-
 [[package]]
 name = "google-resumable-media"
 version = "2.7.2"
@@ -2752,7 +2775,7 @@ version = "3.2.4"
 description = "Lightweight in-process concurrent programming"
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
+groups = ["main", "test"]
 files = [
     {file = "greenlet-3.2.4-cp310-cp310-macosx_11_0_universal2.whl", hash = "sha256:8c68325b0d0acf8d91dde4e6f930967dd52a5302cd4062932a6b2e7c2969f47c"},
     {file = "greenlet-3.2.4-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:94385f101946790ae13da500603491f04a76b6e4c059dab271b3ce2e283b2590"},
@@ -2809,6 +2832,7 @@ files = [
     {file = "greenlet-3.2.4-cp39-cp39-win_amd64.whl", hash = "sha256:d2e685ade4dafd447ede19c31277a224a239a0a1a4eca4e6390efedf20260cfb"},
     {file = "greenlet-3.2.4.tar.gz", hash = "sha256:0dca0d95ff849f9a364385f36ab49f50065d76964944638be9691e1832e9f86d"},
 ]
+markers = {test = "platform_python_implementation == \"CPython\""}
 
 [package.extras]
 docs = ["Sphinx", "furo"]
@@ -5408,7 +5432,7 @@ llama = ["llama-index (>=0.12.29,<0.13.0)", "llama-index-core (>=0.12.29,<0.13.0
 
 [[package]]
 name = "openhands-ai"
-version = "0.55.0"
+version = "0.57.0"
 description = "OpenHands: Code Less, Make More"
 optional = false
 python-versions = "^3.12,<3.14"
@@ -5432,7 +5456,7 @@ google-api-python-client = "^2.164.0"
 google-auth-httplib2 = "*"
 google-auth-oauthlib = "*"
 google-cloud-aiplatform = "*"
-google-generativeai = "*"
+google-genai = "*"
 html2text = "*"
 httpx-aiohttp = "^0.1.8"
 ipywidgets = "^8.1.5"
@@ -5442,7 +5466,7 @@ json-repair = "*"
 jupyter_kernel_gateway = "*"
 kubernetes = "^33.1.0"
 libtmux = ">=0.37,<0.40"
-litellm = "^1.74.3, !=1.64.4, !=1.67.*"
+litellm = ">=1.74.3, <1.77.2, !=1.64.4, !=1.67.*"
 memory-profiler = "^0.61.0"
 numpy = "*"
 openai = "1.99.9"
@@ -5451,6 +5475,7 @@ opentelemetry-api = "^1.33.1"
 opentelemetry-exporter-otlp-proto-grpc = "^1.33.1"
 pathspec = "^0.12.1"
 pexpect = "*"
+pillow = "^11.3.0"
 poetry = "^2.1.2"
 prompt-toolkit = "^3.0.50"
 protobuf = "^5.0.0,<6.0.0"
@@ -5458,6 +5483,7 @@ psutil = "*"
 pygithub = "^2.5.0"
 pyjwt = "^2.9.0"
 pylatexenc = "*"
+pypdf = "^6.0.0"
 PyPDF2 = "*"
 python-docx = "*"
 python-dotenv = "*"
@@ -5471,19 +5497,23 @@ pyyaml = "^6.0.2"
 qtconsole = "^5.6.1"
 rapidfuzz = "^3.9.0"
 redis = ">=5.2,<7.0"
+requests = "^2.32.5"
+setuptools = ">=78.1.1"
 shellingham = "^1.5.4"
-sse-starlette = "^2.1.3"
+sse-starlette = "^3.0.2"
+starlette = "^0.48.0"
 tenacity = ">=8.5,<10.0"
 termcolor = "*"
 toml = "*"
 tornado = "*"
 types-toml = "*"
+urllib3 = "^2.5.0"
 uvicorn = "*"
 whatthepatch = "^1.0.6"
 zope-interface = "7.2"
 
 [package.extras]
-third-party-runtimes = ["daytona (==0.24.2)", "e2b (>=1.0.5,<1.8.0)", "modal (>=0.66.26,<1.2.0)", "runloop-api-client (==0.50.0)"]
+third-party-runtimes = ["daytona (==0.24.2)", "e2b-code-interpreter (>=2.0.0,<3.0.0)", "modal (>=0.66.26,<1.2.0)", "runloop-api-client (==0.50.0)"]
 
 [package.source]
 type = "directory"
@@ -6083,14 +6113,14 @@ files = [
 
 [[package]]
 name = "posthog"
-version = "4.10.0"
+version = "6.7.6"
 description = "Integrate PostHog into any python application."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "posthog-4.10.0-py3-none-any.whl", hash = "sha256:b693d3d8209d000d8c5f4d6ea19096bfdfb83047fa8a14c937ae50a3394809a1"},
-    {file = "posthog-4.10.0.tar.gz", hash = "sha256:513bfbb21344013294abc046b1142173189c5422a3906cf2280d1389b0c2e28b"},
+    {file = "posthog-6.7.6-py3-none-any.whl", hash = "sha256:b09a7e65a042ec416c28874b397d3accae412a80a8b0ef3fa686fbffc99e4d4b"},
+    {file = "posthog-6.7.6.tar.gz", hash = "sha256:ee5c5ad04b857d96d9b7a4f715e23916a2f206bfcf25e5a9d328a3d27664b0d3"},
 ]
 
 [package.dependencies]
@@ -6099,11 +6129,11 @@ distro = ">=1.5.0"
 python-dateutil = ">=2.2"
 requests = ">=2.7,<3.0"
 six = ">=1.5"
+typing-extensions = ">=4.2.0"
 
 [package.extras]
 dev = ["django-stubs", "lxml", "mypy", "mypy-baseline", "packaging", "pre-commit", "pydantic", "ruff", "setuptools", "tomli", "tomli_w", "twine", "types-mock", "types-python-dateutil", "types-requests", "types-setuptools", "types-six", "wheel"]
 langchain = ["langchain (>=0.2.0)"]
-sentry = ["django", "sentry-sdk"]
 test = ["anthropic", "coverage", "django", "freezegun (==1.5.1)", "google-genai", "langchain-anthropic (>=0.3.15)", "langchain-community (>=0.3.25)", "langchain-core (>=0.3.65)", "langchain-openai (>=0.3.22)", "langgraph (>=0.4.8)", "mock (>=2.0.0)", "openai", "parameterized (>=0.8.1)", "pydantic", "pytest", "pytest-asyncio", "pytest-timeout"]
 
 [[package]]
@@ -6516,11 +6546,12 @@ version = "2.22"
 description = "C parser in Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
+groups = ["main", "test"]
 files = [
     {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
     {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
 ]
+markers = {test = "platform_python_implementation == \"CPython\" and sys_platform == \"win32\""}
 
 [[package]]
 name = "pydantic"
@@ -8310,7 +8341,7 @@ version = "80.9.0"
 description = "Easily download, build, install, upgrade, and uninstall Python packages"
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
+groups = ["main", "test"]
 files = [
     {file = "setuptools-80.9.0-py3-none-any.whl", hash = "sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922"},
     {file = "setuptools-80.9.0.tar.gz", hash = "sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c"},
@@ -8676,14 +8707,14 @@ sqlcipher = ["sqlcipher3_binary"]
 
 [[package]]
 name = "sse-starlette"
-version = "2.4.1"
+version = "3.0.2"
 description = "SSE plugin for Starlette"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "sse_starlette-2.4.1-py3-none-any.whl", hash = "sha256:08b77ea898ab1a13a428b2b6f73cfe6d0e607a7b4e15b9bb23e4a37b087fd39a"},
-    {file = "sse_starlette-2.4.1.tar.gz", hash = "sha256:7c8a800a1ca343e9165fc06bbda45c78e4c6166320707ae30b416c42da070926"},
+    {file = "sse_starlette-3.0.2-py3-none-any.whl", hash = "sha256:16b7cbfddbcd4eaca11f7b586f3b8a080f1afe952c15813455b162edea619e5a"},
+    {file = "sse_starlette-3.0.2.tar.gz", hash = "sha256:ccd60b5765ebb3584d0de2d7a6e4f745672581de4f5005ab31c3a25d10b52b3a"},
 ]
 
 [package.dependencies]
@@ -8691,7 +8722,7 @@ anyio = ">=4.7.0"
 
 [package.extras]
 daphne = ["daphne (>=4.2.0)"]
-examples = ["aiosqlite (>=0.21.0)", "fastapi (>=0.115.12)", "sqlalchemy[asyncio,examples] (>=2.0.41)", "starlette (>=0.41.3)", "uvicorn (>=0.34.0)"]
+examples = ["aiosqlite (>=0.21.0)", "fastapi (>=0.115.12)", "sqlalchemy[asyncio] (>=2.0.41)", "starlette (>=0.41.3)", "uvicorn (>=0.34.0)"]
 granian = ["granian (>=2.3.1)"]
 uvicorn = ["uvicorn (>=0.34.0)"]
 
@@ -8747,14 +8778,14 @@ files = [
 
 [[package]]
 name = "starlette"
-version = "0.47.3"
+version = "0.48.0"
 description = "The little ASGI library that shines."
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "starlette-0.47.3-py3-none-any.whl", hash = "sha256:89c0778ca62a76b826101e7c709e70680a1699ca7da6b44d38eb0a7e61fe4b51"},
-    {file = "starlette-0.47.3.tar.gz", hash = "sha256:6bc94f839cc176c4858894f1f8908f0ab79dfec1a6b8402f6da9be26ebea52e9"},
+    {file = "starlette-0.48.0-py3-none-any.whl", hash = "sha256:0764ca97b097582558ecb498132ed0c7d942f233f365b86ba37770e026510659"},
+    {file = "starlette-0.48.0.tar.gz", hash = "sha256:7e8cee469a8ab2352911528110ce9088fdc6a37d9876926e73da7ce4aa4c7a46"},
 ]
 
 [package.dependencies]
@@ -9883,13 +9914,32 @@ enabler = ["pytest-enabler (>=2.2)"]
 test = ["big-O", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more_itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"]
 type = ["pytest-mypy"]
 
+[[package]]
+name = "zope-event"
+version = "6.0"
+description = "Very basic event publishing system"
+optional = false
+python-versions = ">=3.9"
+groups = ["test"]
+files = [
+    {file = "zope_event-6.0-py3-none-any.whl", hash = "sha256:6f0922593407cc673e7d8766b492c519f91bdc99f3080fe43dcec0a800d682a3"},
+    {file = "zope_event-6.0.tar.gz", hash = "sha256:0ebac894fa7c5f8b7a89141c272133d8c1de6ddc75ea4b1f327f00d1f890df92"},
+]
+
+[package.dependencies]
+setuptools = ">=75.8.2"
+
+[package.extras]
+docs = ["Sphinx"]
+test = ["zope.testrunner (>=6.4)"]
+
 [[package]]
 name = "zope-interface"
 version = "7.2"
 description = "Interfaces for Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
+groups = ["main", "test"]
 files = [
     {file = "zope.interface-7.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:ce290e62229964715f1011c3dbeab7a4a1e4971fd6f31324c4519464473ef9f2"},
     {file = "zope.interface-7.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:05b910a5afe03256b58ab2ba6288960a2892dfeef01336dc4be6f1b9ed02ab0a"},
@@ -10053,4 +10103,4 @@ cffi = ["cffi (>=1.17) ; python_version >= \"3.13\" and platform_python_implemen
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.12,<3.14"
-content-hash = "0e611931bd3823ee8b6d832b6ef444868a644e21927a9fb72d4aeaab8170028e"
+content-hash = "fac67a8991a3e2c840a23702dc90f99e98d381f3537ad50b4c4739cdbde941ca"

enterprise/pyproject.toml

@@ -37,8 +37,8 @@ sqlalchemy = { extras = [ "asyncio" ], version = "^2.0.40" }
 resend = "^2.7.0"
 tenacity = "^9.1.2"
 slack-sdk = "^3.35.0"
-ddtrace = "^3.5.1"
-posthog = "^4.2.0"
+ddtrace = "3.13.0"                                           #pin to avoid yanked version 3.12.4
+posthog = "^6.0.0"
 limits = "^5.2.0"
 coredis = "^4.22.0"
 httpx = "*"
@@ -63,6 +63,7 @@ openai = "*"
 opencv-python = "*"
 pandas = "*"
 reportlab = "*"
+gevent = ">=24.2.1,<26.0.0"
 
 [tool.poetry-dynamic-versioning]
 enable = true
@@ -85,3 +86,7 @@ lint.pydocstyle.convention = "google"
 [tool.pytest.ini_options]
 asyncio_mode = "auto"
 asyncio_default_fixture_loop_scope = "function"
+
+[tool.coverage.run]
+relative_files = true
+omit = [ "tests/*" ]

enterprise/server/auth/token_manager.py

@@ -275,9 +275,7 @@ class TokenManager:
                 self._check_expiration_and_refresh
             )
             if not token_info:
-                logger.error(
-                    f'No tokens for user: {username}, identity provider: {idp}'
-                )
+                logger.info(f'No tokens for user: {username}, identity provider: {idp}')
                 raise ValueError(
                     f'No tokens for user: {username}, identity provider: {idp}'
                 )

enterprise/server/clustered_conversation_manager.py

@@ -21,6 +21,7 @@ from openhands.events.event_store_abc import EventStoreABC
 from openhands.events.observation import AgentStateChangedObservation
 from openhands.events.stream import EventStreamSubscriber
 from openhands.llm.llm_registry import LLMRegistry
+from openhands.runtime.runtime_status import RuntimeStatus
 from openhands.server.config.server_config import ServerConfig
 from openhands.server.conversation_manager.conversation_manager import (
     ConversationManager,
@@ -686,6 +687,7 @@ class ClusteredConversationManager(StandaloneConversationManager):
                         url=self._get_conversation_url(conversation_id),
                         session_api_key=None,
                         event_store=EventStore(conversation_id, self.file_store, uid),
+                        runtime_status=RuntimeStatus.READY,
                     )
                 )
         return results

enterprise/server/routes/auth.py

@@ -174,19 +174,17 @@ async def keycloak_callback(
     posthog_user_id = f'FEATURE_{user_id}' if IS_FEATURE_ENV else user_id
 
     try:
-        posthog.identify(
-            posthog_user_id,
-            {
-                '$set': {
-                    'user_id': posthog_user_id,  # Explicitly set as property
-                    'original_user_id': user_id,  # Store the original user_id
-                    'is_feature_env': IS_FEATURE_ENV,  # Track if this is a feature environment
-                }
+        posthog.set(
+            distinct_id=posthog_user_id,
+            properties={
+                'user_id': posthog_user_id,
+                'original_user_id': user_id,
+                'is_feature_env': IS_FEATURE_ENV,
             },
         )
     except Exception as e:
         logger.error(
-            'auth:posthog_identify:failed',
+            'auth:posthog_set:failed',
             extra={
                 'user_id': user_id,
                 'error': str(e),

enterprise/server/routes/billing.py

@@ -17,11 +17,13 @@ from server.constants import (
     STRIPE_API_KEY,
     STRIPE_WEBHOOK_SECRET,
     SUBSCRIPTION_PRICE_DATA,
+    get_default_litellm_model,
 )
 from server.logger import logger
 from storage.billing_session import BillingSession
 from storage.database import session_maker
 from storage.subscription_access import SubscriptionAccess
+from storage.user_settings import UserSettings
 
 from openhands.server.user_auth import get_user_id
 
@@ -42,6 +44,8 @@ class SubscriptionAccessResponse(BaseModel):
     start_at: datetime
     end_at: datetime
     created_at: datetime
+    cancelled_at: datetime | None = None
+    stripe_subscription_id: str | None = None
 
 
 class CreateCheckoutSessionRequest(BaseModel):
@@ -85,7 +89,7 @@ async def get_credits(user_id: str = Depends(get_user_id)) -> GetCreditsResponse
 async def get_subscription_access(
     user_id: str = Depends(get_user_id),
 ) -> SubscriptionAccessResponse | None:
-    """Get details of the currently valid subscription for the user"""
+    """Get details of the currently valid subscription for the user."""
     with session_maker() as session:
         now = datetime.now(UTC)
         subscription_access = (
@@ -102,6 +106,8 @@ async def get_subscription_access(
             start_at=subscription_access.start_at,
             end_at=subscription_access.end_at,
             created_at=subscription_access.created_at,
+            cancelled_at=subscription_access.cancelled_at,
+            stripe_subscription_id=subscription_access.stripe_subscription_id,
         )
 
 
@@ -113,6 +119,78 @@ async def has_payment_method(user_id: str = Depends(get_user_id)) -> bool:
     return await stripe_service.has_payment_method(user_id)
 
 
+# Endpoint to cancel user's subscription
+@billing_router.post('/cancel-subscription')
+async def cancel_subscription(user_id: str = Depends(get_user_id)) -> JSONResponse:
+    """Cancel user's active subscription at the end of the current billing period."""
+    if not user_id:
+        raise HTTPException(status.HTTP_401_UNAUTHORIZED)
+
+    with session_maker() as session:
+        # Find the user's active subscription
+        now = datetime.now(UTC)
+        subscription_access = (
+            session.query(SubscriptionAccess)
+            .filter(SubscriptionAccess.status == 'ACTIVE')
+            .filter(SubscriptionAccess.user_id == user_id)
+            .filter(SubscriptionAccess.start_at <= now)
+            .filter(SubscriptionAccess.end_at >= now)
+            .filter(SubscriptionAccess.cancelled_at.is_(None))  # Not already cancelled
+            .first()
+        )
+
+        if not subscription_access:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail='No active subscription found',
+            )
+
+        if not subscription_access.stripe_subscription_id:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='Cannot cancel subscription: missing Stripe subscription ID',
+            )
+
+        try:
+            # Cancel the subscription in Stripe at period end
+            await stripe.Subscription.modify_async(
+                subscription_access.stripe_subscription_id, cancel_at_period_end=True
+            )
+
+            # Update local database
+            subscription_access.cancelled_at = datetime.now(UTC)
+            session.merge(subscription_access)
+            session.commit()
+
+            logger.info(
+                'subscription_cancelled',
+                extra={
+                    'user_id': user_id,
+                    'stripe_subscription_id': subscription_access.stripe_subscription_id,
+                    'subscription_access_id': subscription_access.id,
+                    'end_at': subscription_access.end_at,
+                },
+            )
+
+            return JSONResponse(
+                {'status': 'success', 'message': 'Subscription cancelled successfully'}
+            )
+
+        except stripe.StripeError as e:
+            logger.error(
+                'stripe_cancellation_failed',
+                extra={
+                    'user_id': user_id,
+                    'stripe_subscription_id': subscription_access.stripe_subscription_id,
+                    'error': str(e),
+                },
+            )
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail=f'Failed to cancel subscription: {str(e)}',
+            )
+
+
 # Endpoint to create a new setup intent in stripe
 @billing_router.post('/create-customer-setup-session')
 async def create_customer_setup_session(
@@ -190,9 +268,27 @@ async def create_subscription_checkout_session(
     billing_session_type: BillingSessionType = BillingSessionType.MONTHLY_SUBSCRIPTION,
     user_id: str = Depends(get_user_id),
 ) -> CreateBillingSessionResponse:
+    # Prevent duplicate subscriptions for the same user
+    with session_maker() as session:
+        now = datetime.now(UTC)
+        existing_active_subscription = (
+            session.query(SubscriptionAccess)
+            .filter(SubscriptionAccess.status == 'ACTIVE')
+            .filter(SubscriptionAccess.user_id == user_id)
+            .filter(SubscriptionAccess.start_at <= now)
+            .filter(SubscriptionAccess.end_at >= now)
+            .filter(SubscriptionAccess.cancelled_at.is_(None))  # Not cancelled
+            .first()
+        )
+
+        if existing_active_subscription:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail='Cannot create subscription: User already has an active subscription that has not been cancelled',
+            )
+
     customer_id = await stripe_service.find_or_create_customer(user_id)
     subscription_price_data = SUBSCRIPTION_PRICE_DATA[billing_session_type.value]
-    # TODO: Prevent duplicate subscriptions for the same user
     checkout_session = await stripe.checkout.Session.create_async(
         customer=customer_id,
         line_items=[
@@ -246,7 +342,7 @@ async def create_subscription_checkout_session_via_get(
     billing_session_type: BillingSessionType = BillingSessionType.MONTHLY_SUBSCRIPTION,
     user_id: str = Depends(get_user_id),
 ) -> RedirectResponse:
-    """Create a subscription checkout session using a GET request (For easier copy / paste to URL bar)"""
+    """Create a subscription checkout session using a GET request (For easier copy / paste to URL bar)."""
     response = await create_subscription_checkout_session(
         request, billing_session_type, user_id
     )
@@ -278,7 +374,7 @@ async def success_callback(session_id: str, request: Request):
             != BillingSessionType.DIRECT_PAYMENT.value
         ):
             return RedirectResponse(
-                f'{request.base_url}settings/billing?checkout=success', status_code=302
+                f'{request.base_url}settings?checkout=success', status_code=302
             )
 
         stripe_session = stripe.checkout.Session.retrieve(session_id)
@@ -348,14 +444,29 @@ async def cancel_callback(session_id: str, request: Request):
             session.merge(billing_session)
             session.commit()
 
+            # Redirect credit purchases to billing screen, subscriptions to LLM settings
+            if (
+                billing_session.billing_session_type
+                == BillingSessionType.DIRECT_PAYMENT.value
+            ):
+                return RedirectResponse(
+                    f'{request.base_url}settings/billing?checkout=cancel',
+                    status_code=302,
+                )
+            else:
+                return RedirectResponse(
+                    f'{request.base_url}settings?checkout=cancel', status_code=302
+                )
+
+    # If no billing session found, default to LLM settings (subscription flow)
     return RedirectResponse(
-        f'{request.base_url}settings/billing?checkout=cancel', status_code=302
+        f'{request.base_url}settings?checkout=cancel', status_code=302
     )
 
 
 @billing_router.post('/stripe-webhook')
 async def stripe_webhook(request: Request) -> JSONResponse:
-    """Endpoint for stripe webhooks"""
+    """Endpoint for stripe webhooks."""
     payload = await request.body()
     sig_header = request.headers.get('stripe-signature')
 
@@ -397,15 +508,111 @@ async def stripe_webhook(request: Request) -> JSONResponse:
                 end_at=end_at,
                 amount_paid=amount_paid,
                 stripe_invoice_payment_id=invoice.payment_intent,
+                stripe_subscription_id=invoice.subscription,  # Store Stripe subscription ID
             )
             session.add(subscription_access)
             session.commit()
+    elif event_type == 'customer.subscription.updated':
+        subscription = event['data']['object']
+        subscription_id = subscription['id']
+
+        # Handle subscription cancellation
+        if subscription.get('cancel_at_period_end') is True:
+            with session_maker() as session:
+                subscription_access = (
+                    session.query(SubscriptionAccess)
+                    .filter(
+                        SubscriptionAccess.stripe_subscription_id == subscription_id
+                    )
+                    .filter(SubscriptionAccess.status == 'ACTIVE')
+                    .first()
+                )
+
+                if subscription_access and not subscription_access.cancelled_at:
+                    subscription_access.cancelled_at = datetime.now(UTC)
+                    session.merge(subscription_access)
+                    session.commit()
+
+                    logger.info(
+                        'subscription_cancelled_via_webhook',
+                        extra={
+                            'stripe_subscription_id': subscription_id,
+                            'user_id': subscription_access.user_id,
+                            'subscription_access_id': subscription_access.id,
+                        },
+                    )
+    elif event_type == 'customer.subscription.deleted':
+        subscription = event['data']['object']
+        subscription_id = subscription['id']
+
+        with session_maker() as session:
+            subscription_access = (
+                session.query(SubscriptionAccess)
+                .filter(SubscriptionAccess.stripe_subscription_id == subscription_id)
+                .filter(SubscriptionAccess.status == 'ACTIVE')
+                .first()
+            )
+
+            if subscription_access:
+                subscription_access.status = 'DISABLED'
+                subscription_access.updated_at = datetime.now(UTC)
+                session.merge(subscription_access)
+                session.commit()
+
+                # Reset user settings to free tier defaults
+                reset_user_to_free_tier_settings(subscription_access.user_id)
+
+                logger.info(
+                    'subscription_expired_reset_to_free_tier',
+                    extra={
+                        'stripe_subscription_id': subscription_id,
+                        'user_id': subscription_access.user_id,
+                        'subscription_access_id': subscription_access.id,
+                    },
+                )
     else:
         logger.info('stripe_webhook_unhandled_event_type', extra={'type': event_type})
 
     return JSONResponse({'status': 'success'})
 
 
+def reset_user_to_free_tier_settings(user_id: str) -> None:
+    """Reset user settings to free tier defaults when subscription ends."""
+    with session_maker() as session:
+        user_settings = (
+            session.query(UserSettings)
+            .filter(UserSettings.keycloak_user_id == user_id)
+            .first()
+        )
+
+        if user_settings:
+            user_settings.llm_model = get_default_litellm_model()
+            user_settings.llm_api_key = None
+            user_settings.llm_api_key_for_byor = None
+            user_settings.llm_base_url = LITE_LLM_API_URL
+            user_settings.max_budget_per_task = None
+            user_settings.confirmation_mode = False
+            user_settings.enable_solvability_analysis = False
+            user_settings.security_analyzer = 'llm'
+            user_settings.agent = 'CodeActAgent'
+            user_settings.language = 'en'
+            user_settings.enable_default_condenser = True
+            user_settings.enable_sound_notifications = False
+            user_settings.enable_proactive_conversation_starters = True
+            user_settings.user_consents_to_analytics = False
+
+            session.merge(user_settings)
+            session.commit()
+
+            logger.info(
+                'user_settings_reset_to_free_tier',
+                extra={
+                    'user_id': user_id,
+                    'reset_timestamp': datetime.now(UTC).isoformat(),
+                },
+            )
+
+
 async def _get_litellm_user(client: httpx.AsyncClient, user_id: str) -> dict:
     """Get a user from litellm with the id matching that given.
 

enterprise/server/routes/event_webhook.py

@@ -234,7 +234,7 @@ def _get_user_id(conversation_id: str) -> str:
         return conversation_metadata.user_id
 
 
-async def _get_session_api_key(user_id: str, conversation_id: str) -> str:
+async def _get_session_api_key(user_id: str, conversation_id: str) -> str | None:
     agent_loop_info = await conversation_manager.get_agent_loop_info(
         user_id, filter_to_sids={conversation_id}
     )

enterprise/server/routes/user.py

@@ -138,6 +138,7 @@ async def saas_search_repositories(
     per_page: int = 5,
     sort: str = 'stars',
     order: str = 'desc',
+    selected_provider: ProviderType | None = None,
     provider_tokens: PROVIDER_TOKEN_TYPE | None = Depends(get_provider_tokens),
     access_token: SecretStr | None = Depends(get_access_token),
     user_id: str | None = Depends(get_user_id),
@@ -155,6 +156,7 @@ async def saas_search_repositories(
         per_page=per_page,
         sort=sort,
         order=order,
+        selected_provider=selected_provider,
         provider_tokens=provider_tokens,
         access_token=access_token,
         user_id=user_id,

enterprise/server/saas_nested_conversation_manager.py

@@ -60,9 +60,14 @@ from openhands.utils.utils import create_registry_and_conversation_stats
 RUNTIME_URL_PATTERN = os.getenv(
     'RUNTIME_URL_PATTERN', 'https://{runtime_id}.prod-runtime.all-hands.dev'
 )
+RUNTIME_ROUTING_MODE = os.getenv('RUNTIME_ROUTING_MODE', 'subdomain').lower()
 
 # Pattern for base URL for the runtime
-RUNTIME_CONVERSATION_URL = RUNTIME_URL_PATTERN + '/api/conversations/{conversation_id}'
+RUNTIME_CONVERSATION_URL = RUNTIME_URL_PATTERN + (
+    '/runtime/api/conversations/{conversation_id}'
+    if RUNTIME_ROUTING_MODE == 'path'
+    else '/api/conversations/{conversation_id}'
+)
 
 # Time in seconds before a Redis entry is considered expired if not refreshed
 _REDIS_ENTRY_TIMEOUT_SECONDS = 300
@@ -344,18 +349,48 @@ class SaasNestedConversationManager(ConversationManager):
         api_url: str,
         custom_secrets: MappingProxyType[str, Any] | None,
     ):
-        """Setup custom secrets for the nested conversation."""
+        """Setup custom secrets for the nested conversation.
+
+        Note: When resuming conversations, secrets may already exist in the runtime.
+        We check for specific duplicate error messages to handle this case gracefully.
+        """
         if custom_secrets:
             for key, secret in custom_secrets.items():
-                response = await client.post(
-                    f'{api_url}/api/secrets',
-                    json={
-                        'name': key,
-                        'description': secret.description,
-                        'value': secret.secret.get_secret_value(),
-                    },
-                )
-                response.raise_for_status()
+                try:
+                    response = await client.post(
+                        f'{api_url}/api/secrets',
+                        json={
+                            'name': key,
+                            'description': secret.description,
+                            'value': secret.secret.get_secret_value(),
+                        },
+                    )
+                    response.raise_for_status()
+                    logger.debug(f'Successfully created secret: {key}')
+                except httpx.HTTPStatusError as e:
+                    if e.response.status_code == 400:
+                        # Only ignore if it's actually a duplicate error
+                        try:
+                            error_data = e.response.json()
+                            error_msg = error_data.get('message', '')
+                            # The API returns: "Secret {secret_name} already exists"
+                            if 'already exists' in error_msg:
+                                logger.info(
+                                    f'Secret "{key}" already exists, continuing - ignoring duplicate',
+                                    extra={'api_url': api_url},
+                                )
+                                continue
+                        except (KeyError, ValueError, TypeError):
+                            pass  # If we can't parse JSON, fall through to re-raise
+                    # Re-raise all other errors (including non-duplicate 400s)
+                    logger.error(
+                        f'Failed to setup secret "{key}": HTTP {e.response.status_code}',
+                        extra={
+                            'api_url': api_url,
+                            'response_text': e.response.text[:200],
+                        },
+                    )
+                    raise
 
     def _get_mcp_config(self, user_id: str) -> MCPConfig | None:
         api_key_store = ApiKeyStore.get_instance()

enterprise/storage/subscription_access.py

@@ -7,7 +7,7 @@ from storage.base import Base
 class SubscriptionAccess(Base):  # type: ignore
     """
     Represents a user's subscription access record.
-    Tracks subscription status, duration, and payment information.
+    Tracks subscription status, duration, payment information, and cancellation status.
     """
 
     __tablename__ = 'subscription_access'
@@ -27,6 +27,8 @@ class SubscriptionAccess(Base):  # type: ignore
     end_at = Column(DateTime(timezone=True), nullable=True)
     amount_paid = Column(DECIMAL(19, 4), nullable=True)
     stripe_invoice_payment_id = Column(String, nullable=False)
+    cancelled_at = Column(DateTime(timezone=True), nullable=True)
+    stripe_subscription_id = Column(String, nullable=True, index=True)
     created_at = Column(
         DateTime(timezone=True),
         default=lambda: datetime.now(UTC),  # type: ignore[attr-defined]

enterprise/sync/install_gitlab_webhooks.py

@@ -276,12 +276,12 @@ class VerifyWebhookStatus:
                     webhook
                 )
 
-                gitlab_service = GitLabServiceImpl(external_auth_id=user_id)
+                gitlab_service_impl = GitLabServiceImpl(external_auth_id=user_id)
 
-                if not isinstance(gitlab_service, SaaSGitLabService):
+                if not isinstance(gitlab_service_impl, SaaSGitLabService):
                     raise Exception('Only SaaSGitLabService is supported')
                 # Cast needed when mypy can see OpenHands
-                gitlab_service = cast(type[SaaSGitLabService], gitlab_service)
+                gitlab_service = cast(type[SaaSGitLabService], gitlab_service_impl)
 
                 await self.verify_conditions_are_met(
                     gitlab_service=gitlab_service,

enterprise/tests/unit/integrations/test_utils.py

@@ -0,0 +1,159 @@
+"""Tests for enterprise integrations utils module."""
+
+import pytest
+from integrations.utils import get_summary_for_agent_state
+
+from openhands.core.schema.agent import AgentState
+from openhands.events.observation.agent import AgentStateChangedObservation
+
+
+class TestGetSummaryForAgentState:
+    """Test cases for get_summary_for_agent_state function."""
+
+    def setup_method(self):
+        """Set up test fixtures."""
+        self.conversation_link = 'https://example.com/conversation/123'
+
+    def test_empty_observations_list(self):
+        """Test handling of empty observations list."""
+        result = get_summary_for_agent_state([], self.conversation_link)
+
+        assert 'unknown error' in result.lower()
+        assert self.conversation_link in result
+
+    @pytest.mark.parametrize(
+        'state,expected_text,includes_link',
+        [
+            (AgentState.RATE_LIMITED, 'rate limited', False),
+            (AgentState.AWAITING_USER_INPUT, 'waiting for your input', True),
+        ],
+    )
+    def test_handled_agent_states(self, state, expected_text, includes_link):
+        """Test handling of states with specific behavior."""
+        observation = AgentStateChangedObservation(
+            content=f'Agent state: {state.value}', agent_state=state
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        assert expected_text in result.lower()
+        if includes_link:
+            assert self.conversation_link in result
+        else:
+            assert self.conversation_link not in result
+
+    @pytest.mark.parametrize(
+        'state',
+        [
+            AgentState.FINISHED,
+            AgentState.PAUSED,
+            AgentState.STOPPED,
+            AgentState.AWAITING_USER_CONFIRMATION,
+        ],
+    )
+    def test_unhandled_agent_states(self, state):
+        """Test handling of unhandled states (should all return unknown error)."""
+        observation = AgentStateChangedObservation(
+            content=f'Agent state: {state.value}', agent_state=state
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        assert 'unknown error' in result.lower()
+        assert self.conversation_link in result
+
+    @pytest.mark.parametrize(
+        'error_code,expected_text',
+        [
+            (
+                'STATUS$ERROR_LLM_AUTHENTICATION',
+                'authentication with the llm provider failed',
+            ),
+            (
+                'STATUS$ERROR_LLM_SERVICE_UNAVAILABLE',
+                'llm service is temporarily unavailable',
+            ),
+            (
+                'STATUS$ERROR_LLM_INTERNAL_SERVER_ERROR',
+                'llm provider encountered an internal error',
+            ),
+            ('STATUS$ERROR_LLM_OUT_OF_CREDITS', "you've run out of credits"),
+            ('STATUS$ERROR_LLM_CONTENT_POLICY_VIOLATION', 'content policy violation'),
+        ],
+    )
+    def test_error_state_readable_reasons(self, error_code, expected_text):
+        """Test all readable error reason mappings."""
+        observation = AgentStateChangedObservation(
+            content=f'Agent encountered error: {error_code}',
+            agent_state=AgentState.ERROR,
+            reason=error_code,
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        assert 'encountered an error' in result.lower()
+        assert expected_text in result.lower()
+        assert self.conversation_link in result
+
+    def test_error_state_with_custom_reason(self):
+        """Test handling of ERROR state with a custom reason."""
+        observation = AgentStateChangedObservation(
+            content='Agent encountered an error',
+            agent_state=AgentState.ERROR,
+            reason='Test error message',
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        assert 'encountered an error' in result.lower()
+        assert 'test error message' in result.lower()
+        assert self.conversation_link in result
+
+    def test_multiple_observations_uses_first(self):
+        """Test that when multiple observations are provided, only the first is used."""
+        observation1 = AgentStateChangedObservation(
+            content='Agent is awaiting user input',
+            agent_state=AgentState.AWAITING_USER_INPUT,
+        )
+        observation2 = AgentStateChangedObservation(
+            content='Agent encountered an error',
+            agent_state=AgentState.ERROR,
+            reason='Should not be used',
+        )
+
+        result = get_summary_for_agent_state(
+            [observation1, observation2], self.conversation_link
+        )
+
+        # Should handle the first observation (AWAITING_USER_INPUT), not the second (ERROR)
+        assert 'waiting for your input' in result.lower()
+        assert 'error' not in result.lower()
+
+    def test_awaiting_user_input_specific_message(self):
+        """Test that AWAITING_USER_INPUT returns the specific expected message."""
+        observation = AgentStateChangedObservation(
+            content='Agent is awaiting user input',
+            agent_state=AgentState.AWAITING_USER_INPUT,
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        # Test the exact message format
+        assert 'waiting for your input' in result.lower()
+        assert 'continue the conversation' in result.lower()
+        assert self.conversation_link in result
+        assert 'unknown error' not in result.lower()
+
+    def test_rate_limited_specific_message(self):
+        """Test that RATE_LIMITED returns the specific expected message."""
+        observation = AgentStateChangedObservation(
+            content='Agent was rate limited', agent_state=AgentState.RATE_LIMITED
+        )
+
+        result = get_summary_for_agent_state([observation], self.conversation_link)
+
+        # Test the exact message format
+        assert 'rate limited' in result.lower()
+        assert 'try again later' in result.lower()
+        # RATE_LIMITED doesn't include conversation link in response
+        assert self.conversation_link not in result

enterprise/tests/unit/test_auth_routes.py

@@ -211,7 +211,7 @@ async def test_keycloak_callback_success_with_valid_offline_token(mock_request):
             secure=False,
             accepted_tos=True,
         )
-        mock_posthog.identify.assert_called_once()
+        mock_posthog.set.assert_called_once()
 
 
 @pytest.mark.asyncio
@@ -278,7 +278,7 @@ async def test_keycloak_callback_success_without_offline_token(mock_request):
             secure=False,
             accepted_tos=True,
         )
-        mock_posthog.identify.assert_called_once()
+        mock_posthog.set.assert_called_once()
 
 
 @pytest.mark.asyncio

enterprise/tests/unit/test_billing.py

@@ -5,16 +5,16 @@ import pytest
 import stripe
 from fastapi import HTTPException, Request, status
 from httpx import HTTPStatusError, Response
-from server.routes import billing
+from integrations.stripe_service import has_payment_method
 from server.routes.billing import (
     CreateBillingSessionResponse,
     CreateCheckoutSessionRequest,
     GetCreditsResponse,
     cancel_callback,
+    cancel_subscription,
     create_checkout_session,
-    create_customer_setup_session,
+    create_subscription_checkout_session,
     get_credits,
-    has_payment_method,
     success_callback,
 )
 from sqlalchemy import create_engine
@@ -362,8 +362,7 @@ async def test_cancel_callback_session_not_found():
         response = await cancel_callback('test_session_id', mock_request)
         assert response.status_code == 302
         assert (
-            response.headers['location']
-            == 'http://test.com/settings/billing?checkout=cancel'
+            response.headers['location'] == 'http://test.com/settings?checkout=cancel'
         )
 
         # Verify no database updates occurred
@@ -389,8 +388,7 @@ async def test_cancel_callback_success():
 
         assert response.status_code == 302
         assert (
-            response.headers['location']
-            == 'http://test.com/settings/billing?checkout=cancel'
+            response.headers['location'] == 'http://test.com/settings?checkout=cancel'
         )
 
         # Verify database updates
@@ -402,51 +400,312 @@ async def test_cancel_callback_success():
 @pytest.mark.asyncio
 async def test_has_payment_method_with_payment_method():
     """Test has_payment_method returns True when user has a payment method."""
-
-    mock_has_payment_method = AsyncMock(return_value=True)
-    with patch(
-        'integrations.stripe_service.has_payment_method', mock_has_payment_method
+    with (
+        patch('integrations.stripe_service.session_maker') as mock_session_maker,
+        patch(
+            'stripe.Customer.list_payment_methods_async',
+            AsyncMock(return_value=MagicMock(data=[MagicMock()])),
+        ) as mock_list_payment_methods,
     ):
+        # Setup mock session
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.first.return_value = (
+            MagicMock(stripe_customer_id='cus_test123')
+        )
+
         result = await has_payment_method('mock_user')
         assert result is True
-    mock_has_payment_method.assert_called_once_with('mock_user')
+        mock_list_payment_methods.assert_called_once_with('cus_test123')
 
 
 @pytest.mark.asyncio
 async def test_has_payment_method_without_payment_method():
     """Test has_payment_method returns False when user has no payment method."""
-    mock_has_payment_method = AsyncMock(return_value=False)
-    with patch(
-        'integrations.stripe_service.has_payment_method', mock_has_payment_method
+    with (
+        patch('integrations.stripe_service.session_maker') as mock_session_maker,
+        patch(
+            'stripe.Customer.list_payment_methods_async',
+            AsyncMock(return_value=MagicMock(data=[])),
+        ) as mock_list_payment_methods,
     ):
-        mock_has_payment_method.return_value = False
+        # Setup mock session
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.first.return_value = (
+            MagicMock(stripe_customer_id='cus_test123')
+        )
+
         result = await has_payment_method('mock_user')
         assert result is False
-    mock_has_payment_method.assert_called_once_with('mock_user')
+        mock_list_payment_methods.assert_called_once_with('cus_test123')
 
 
 @pytest.mark.asyncio
-async def test_create_customer_setup_session_success():
-    """Test successful creation of customer setup session."""
-    mock_request = Request(
-        scope={'type': 'http', 'state': {'user_id': 'mock_user'}, 'headers': []}
+async def test_cancel_subscription_success():
+    """Test successful subscription cancellation."""
+    from datetime import UTC, datetime
+
+    from storage.subscription_access import SubscriptionAccess
+
+    # Mock active subscription
+    mock_subscription_access = SubscriptionAccess(
+        id=1,
+        status='ACTIVE',
+        user_id='test_user',
+        start_at=datetime.now(UTC),
+        end_at=datetime.now(UTC),
+        amount_paid=2000,
+        stripe_invoice_payment_id='pi_test',
+        stripe_subscription_id='sub_test123',
+        cancelled_at=None,
     )
 
-    mock_customer = stripe.Customer(
-        id='mock-customer', metadata={'user_id': 'mock-user'}
-    )
-    mock_session = MagicMock()
-    mock_session.url = 'https://checkout.stripe.com/test-session'
-    mock_create = AsyncMock(return_value=mock_session)
+    # Mock Stripe subscription response
+    mock_stripe_subscription = MagicMock()
+    mock_stripe_subscription.cancel_at_period_end = True
 
     with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+        patch(
+            'stripe.Subscription.modify_async',
+            AsyncMock(return_value=mock_stripe_subscription),
+        ) as mock_stripe_modify,
+    ):
+        # Setup mock session
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = mock_subscription_access
+
+        # Call the function
+        result = await cancel_subscription('test_user')
+
+        # Verify Stripe API was called
+        mock_stripe_modify.assert_called_once_with(
+            'sub_test123', cancel_at_period_end=True
+        )
+
+        # Verify database was updated
+        assert mock_subscription_access.cancelled_at is not None
+        mock_session.merge.assert_called_once_with(mock_subscription_access)
+        mock_session.commit.assert_called_once()
+
+        # Verify response
+        assert result.status_code == 200
+
+
+@pytest.mark.asyncio
+async def test_cancel_subscription_no_active_subscription():
+    """Test cancellation when no active subscription exists."""
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+    ):
+        # Setup mock session with no subscription found
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = None
+
+        # Call the function and expect HTTPException
+        with pytest.raises(HTTPException) as exc_info:
+            await cancel_subscription('test_user')
+
+        assert exc_info.value.status_code == 404
+        assert 'No active subscription found' in str(exc_info.value.detail)
+
+
+@pytest.mark.asyncio
+async def test_cancel_subscription_missing_stripe_id():
+    """Test cancellation when subscription has no Stripe ID."""
+    from datetime import UTC, datetime
+
+    from storage.subscription_access import SubscriptionAccess
+
+    # Mock subscription without Stripe ID
+    mock_subscription_access = SubscriptionAccess(
+        id=1,
+        status='ACTIVE',
+        user_id='test_user',
+        start_at=datetime.now(UTC),
+        end_at=datetime.now(UTC),
+        amount_paid=2000,
+        stripe_invoice_payment_id='pi_test',
+        stripe_subscription_id=None,  # Missing Stripe ID
+        cancelled_at=None,
+    )
+
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+    ):
+        # Setup mock session
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = mock_subscription_access
+
+        # Call the function and expect HTTPException
+        with pytest.raises(HTTPException) as exc_info:
+            await cancel_subscription('test_user')
+
+        assert exc_info.value.status_code == 400
+        assert 'missing Stripe subscription ID' in str(exc_info.value.detail)
+
+
+@pytest.mark.asyncio
+async def test_cancel_subscription_stripe_error():
+    """Test cancellation when Stripe API fails."""
+    from datetime import UTC, datetime
+
+    from storage.subscription_access import SubscriptionAccess
+
+    # Mock active subscription
+    mock_subscription_access = SubscriptionAccess(
+        id=1,
+        status='ACTIVE',
+        user_id='test_user',
+        start_at=datetime.now(UTC),
+        end_at=datetime.now(UTC),
+        amount_paid=2000,
+        stripe_invoice_payment_id='pi_test',
+        stripe_subscription_id='sub_test123',
+        cancelled_at=None,
+    )
+
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+        patch(
+            'stripe.Subscription.modify_async',
+            AsyncMock(side_effect=stripe.StripeError('API Error')),
+        ),
+    ):
+        # Setup mock session
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = mock_subscription_access
+
+        # Call the function and expect HTTPException
+        with pytest.raises(HTTPException) as exc_info:
+            await cancel_subscription('test_user')
+
+        assert exc_info.value.status_code == 500
+        assert 'Failed to cancel subscription' in str(exc_info.value.detail)
+
+
+@pytest.mark.asyncio
+async def test_create_subscription_checkout_session_duplicate_prevention():
+    """Test that creating a subscription when user already has active subscription raises error."""
+    from datetime import UTC, datetime
+
+    from storage.subscription_access import SubscriptionAccess
+
+    # Mock active subscription
+    mock_subscription_access = SubscriptionAccess(
+        id=1,
+        status='ACTIVE',
+        user_id='test_user',
+        start_at=datetime.now(UTC),
+        end_at=datetime.now(UTC),
+        amount_paid=2000,
+        stripe_invoice_payment_id='pi_test',
+        stripe_subscription_id='sub_test123',
+        cancelled_at=None,
+    )
+
+    mock_request = Request(scope={'type': 'http'})
+    mock_request._base_url = URL('http://test.com/')
+
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+    ):
+        # Setup mock session to return existing active subscription
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = mock_subscription_access
+
+        # Call the function and expect HTTPException
+        with pytest.raises(HTTPException) as exc_info:
+            await create_subscription_checkout_session(
+                mock_request, user_id='test_user'
+            )
+
+        assert exc_info.value.status_code == 400
+        assert (
+            'user already has an active subscription'
+            in str(exc_info.value.detail).lower()
+        )
+
+
+@pytest.mark.asyncio
+async def test_create_subscription_checkout_session_allows_after_cancellation():
+    """Test that creating a subscription is allowed when previous subscription was cancelled."""
+    mock_request = Request(scope={'type': 'http'})
+    mock_request._base_url = URL('http://test.com/')
+
+    mock_session_obj = MagicMock()
+    mock_session_obj.url = 'https://checkout.stripe.com/test-session'
+    mock_session_obj.id = 'test_session_id'
+
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
         patch(
             'integrations.stripe_service.find_or_create_customer',
-            AsyncMock(return_value=mock_customer),
+            AsyncMock(return_value='cus_test123'),
+        ),
+        patch(
+            'stripe.checkout.Session.create_async',
+            AsyncMock(return_value=mock_session_obj),
+        ),
+        patch(
+            'server.routes.billing.SUBSCRIPTION_PRICE_DATA',
+            {'MONTHLY_SUBSCRIPTION': {'unit_amount': 2000}},
         ),
-        patch('stripe.checkout.Session.create_async', mock_create),
     ):
-        result = await create_customer_setup_session(mock_request)
+        # Setup mock session - the query should return None because cancelled subscriptions are filtered out
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = None
 
-        assert isinstance(result, billing.CreateBillingSessionResponse)
+        # Should succeed
+        result = await create_subscription_checkout_session(
+            mock_request, user_id='test_user'
+        )
+
+        assert isinstance(result, CreateBillingSessionResponse)
+        assert result.redirect_url == 'https://checkout.stripe.com/test-session'
+
+
+@pytest.mark.asyncio
+async def test_create_subscription_checkout_session_success_no_existing():
+    """Test successful subscription creation when no existing subscription."""
+    mock_request = Request(scope={'type': 'http'})
+    mock_request._base_url = URL('http://test.com/')
+
+    mock_session_obj = MagicMock()
+    mock_session_obj.url = 'https://checkout.stripe.com/test-session'
+    mock_session_obj.id = 'test_session_id'
+
+    with (
+        patch('server.routes.billing.session_maker') as mock_session_maker,
+        patch(
+            'integrations.stripe_service.find_or_create_customer',
+            AsyncMock(return_value='cus_test123'),
+        ),
+        patch(
+            'stripe.checkout.Session.create_async',
+            AsyncMock(return_value=mock_session_obj),
+        ),
+        patch(
+            'server.routes.billing.SUBSCRIPTION_PRICE_DATA',
+            {'MONTHLY_SUBSCRIPTION': {'unit_amount': 2000}},
+        ),
+    ):
+        # Setup mock session to return no existing subscription
+        mock_session = MagicMock()
+        mock_session_maker.return_value.__enter__.return_value = mock_session
+        mock_session.query.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.filter.return_value.first.return_value = None
+
+        # Should succeed
+        result = await create_subscription_checkout_session(
+            mock_request, user_id='test_user'
+        )
+
+        assert isinstance(result, CreateBillingSessionResponse)
         assert result.redirect_url == 'https://checkout.stripe.com/test-session'

enterprise/tests/unit/test_saas_conversation_manager_secrets.py

@@ -0,0 +1,176 @@
+"""Tests for SaasNestedConversationManager custom secrets handling during resume."""
+
+from types import MappingProxyType
+from unittest.mock import AsyncMock, MagicMock
+
+import httpx
+import pytest
+from pydantic import SecretStr
+from server.saas_nested_conversation_manager import SaasNestedConversationManager
+
+from openhands.core.config.openhands_config import OpenHandsConfig
+from openhands.integrations.provider import CustomSecret
+from openhands.server.config.server_config import ServerConfig
+from openhands.storage.memory import InMemoryFileStore
+
+
+class MockHTTPXResponse:
+    """Mock httpx.Response that behaves realistically."""
+
+    def __init__(self, status_code: int, json_data: dict | None = None):
+        self.status_code = status_code
+        self._json_data = json_data or {}
+        self.text = str(json_data) if json_data else ''
+
+    def json(self):
+        """Return JSON data."""
+        if self._json_data:
+            return self._json_data
+        raise ValueError('No JSON data')
+
+    def raise_for_status(self):
+        """Raise an exception for 4xx/5xx status codes."""
+        if self.status_code >= 400:
+            # Create a proper mock response for the exception
+            mock_response = MagicMock()
+            mock_response.status_code = self.status_code
+            mock_response.json = self.json
+            mock_response.text = self.text
+
+            error = httpx.HTTPStatusError(
+                f"Client error '{self.status_code}' for url 'test'",
+                request=MagicMock(),
+                response=mock_response,
+            )
+            raise error
+
+
+@pytest.fixture
+def saas_manager():
+    """Create a SaasNestedConversationManager instance for testing."""
+    manager = SaasNestedConversationManager(
+        sio=MagicMock(),
+        config=MagicMock(spec=OpenHandsConfig),
+        server_config=MagicMock(spec=ServerConfig),
+        file_store=MagicMock(spec=InMemoryFileStore),
+        event_retrieval=MagicMock(),
+    )
+    return manager
+
+
+@pytest.mark.asyncio
+async def test_duplicate_secrets_dont_crash_resume(saas_manager):
+    """Test that duplicate secrets during resume are handled gracefully."""
+    mock_client = AsyncMock(spec=httpx.AsyncClient)
+
+    # Simulate resume scenario: secret already exists (400)
+    mock_response = MockHTTPXResponse(
+        400, {'message': 'Secret MY_API_KEY already exists'}
+    )
+
+    async def mock_post(*args, **kwargs):
+        return mock_response
+
+    mock_client.post = AsyncMock(side_effect=mock_post)
+
+    custom_secrets = MappingProxyType(
+        {
+            'MY_API_KEY': CustomSecret(
+                secret=SecretStr('api_key_value'),
+                description='API Key that already exists on resume',
+            ),
+        }
+    )
+
+    # Should not raise despite 400 "already exists" error
+    await saas_manager._setup_custom_secrets(
+        client=mock_client,
+        api_url='https://runtime.example.com',
+        custom_secrets=custom_secrets,
+    )
+
+    assert mock_client.post.call_count == 1
+
+
+@pytest.mark.asyncio
+async def test_other_400_errors_still_fail(saas_manager):
+    """Test that non-duplicate 400 errors are still raised."""
+    mock_client = AsyncMock(spec=httpx.AsyncClient)
+
+    # 400 error but NOT a duplicate
+    mock_response = MockHTTPXResponse(400, {'message': 'Invalid secret name format'})
+
+    async def mock_post(*args, **kwargs):
+        return mock_response
+
+    mock_client.post = AsyncMock(side_effect=mock_post)
+
+    custom_secrets = MappingProxyType(
+        {
+            'INVALID!NAME': CustomSecret(
+                secret=SecretStr('value'), description='Secret with invalid name'
+            ),
+        }
+    )
+
+    with pytest.raises(httpx.HTTPStatusError) as exc_info:
+        await saas_manager._setup_custom_secrets(
+            client=mock_client,
+            api_url='https://runtime.example.com',
+            custom_secrets=custom_secrets,
+        )
+
+    assert exc_info.value.response.status_code == 400
+
+
+@pytest.mark.asyncio
+async def test_normal_secret_creation_still_works(saas_manager):
+    """Test that normal secret creation works correctly."""
+    mock_client = AsyncMock(spec=httpx.AsyncClient)
+
+    # Successful creation
+    mock_response = MockHTTPXResponse(200, {'message': 'Secret created'})
+
+    async def mock_post(*args, **kwargs):
+        return mock_response
+
+    mock_client.post = AsyncMock(side_effect=mock_post)
+
+    custom_secrets = MappingProxyType(
+        {
+            'NEW_SECRET': CustomSecret(
+                secret=SecretStr('new_value'), description='A new secret'
+            ),
+        }
+    )
+
+    await saas_manager._setup_custom_secrets(
+        client=mock_client,
+        api_url='https://runtime.example.com',
+        custom_secrets=custom_secrets,
+    )
+
+    assert mock_client.post.call_count == 1
+    call_args = mock_client.post.call_args_list[0]
+    assert call_args[1]['json']['name'] == 'NEW_SECRET'
+    assert call_args[1]['json']['value'] == 'new_value'
+
+
+@pytest.mark.asyncio
+async def test_handles_empty_secrets_gracefully(saas_manager):
+    """Test that empty or missing secrets are handled correctly."""
+    mock_client = AsyncMock(spec=httpx.AsyncClient)
+
+    # Test with None
+    await saas_manager._setup_custom_secrets(
+        client=mock_client, api_url='https://runtime.example.com', custom_secrets=None
+    )
+    assert mock_client.post.call_count == 0
+
+    # Test with empty dict
+    await saas_manager._setup_custom_secrets(
+        client=mock_client,
+        api_url='https://runtime.example.com',
+        custom_secrets=MappingProxyType({}),
+    )
+    assert mock_client.post.call_count == 0

evaluation/benchmarks/gaia/run_infer.py

@@ -28,6 +28,7 @@ from evaluation.utils.shared import (
     prepare_dataset,
     reset_logger_for_multiprocessing,
     run_evaluation,
+    update_llm_config_for_completions_logging,
 )
 from openhands.controller.state.state import State
 from openhands.core.config import (
@@ -36,7 +37,11 @@ from openhands.core.config import (
     get_llm_config_arg,
     load_from_toml,
 )
-from openhands.core.config.utils import get_agent_config_arg
+from openhands.core.config.utils import (
+    get_agent_config_arg,
+    get_llms_for_routing_config,
+    get_model_routing_config_arg,
+)
 from openhands.core.logger import openhands_logger as logger
 from openhands.core.main import create_runtime, run_controller
 from openhands.events.action import AgentFinishAction, CmdRunAction, MessageAction
@@ -57,6 +62,7 @@ AGENT_CLS_TO_INST_SUFFIX = {
 
 
 def get_config(
+    instance: pd.Series,
     metadata: EvalMetadata,
 ) -> OpenHandsConfig:
     sandbox_config = get_default_sandbox_config_for_eval()
@@ -66,13 +72,24 @@ def get_config(
         sandbox_config=sandbox_config,
         runtime='docker',
     )
-    config.set_llm_config(metadata.llm_config)
+    config.set_llm_config(
+        update_llm_config_for_completions_logging(
+            metadata.llm_config, metadata.eval_output_dir, instance['instance_id']
+        )
+    )
+    model_routing_config = get_model_routing_config_arg()
+    model_routing_config.llms_for_routing = (
+        get_llms_for_routing_config()
+    )  # Populate with LLMs for routing from config.toml file
+
     if metadata.agent_config:
+        metadata.agent_config.model_routing = model_routing_config
         config.set_agent_config(metadata.agent_config, metadata.agent_class)
     else:
         logger.info('Agent config not provided, using default settings')
         agent_config = config.get_agent_config(metadata.agent_class)
         agent_config.enable_prompt_extensions = False
+        agent_config.model_routing = model_routing_config
 
     config_copy = copy.deepcopy(config)
     load_from_toml(config_copy)
@@ -145,7 +162,7 @@ def process_instance(
     metadata: EvalMetadata,
     reset_logger: bool = True,
 ) -> EvalOutput:
-    config = get_config(metadata)
+    config = get_config(instance, metadata)
 
     # Setup the logger properly, so you can run multi-processing to parallelize the evaluation
     if reset_logger:

evaluation/benchmarks/multi_swe_bench/SWE-Gym.md

@@ -0,0 +1,152 @@
+<h1 align="center"> Training Software Engineering Agents and Verifiers with SWE-Gym </h1>
+
+A Multi-SWE-bench implementation of SWE-Gym.
+
+<p align="center">
+  <a href="https://www.jiayipan.com/" style="text-decoration: none;">Jiayi Pan<sup>*,1</sup></a>,
+  <a href="https://xwang.dev/" style="text-decoration: none;">Xingyao Wang<sup>*,2</sup></a>,
+  <a href="https://www.phontron.com/" style="text-decoration: none;">Graham Neubig<sup>3</sup></a>,
+  <a href="https://www.cs.toronto.edu/~ndjaitly/" style="text-decoration: none;">Navdeep Jaitly<sup>4</sup></a>,
+  <a href="https://blender.cs.illinois.edu/hengji.html" style="text-decoration: none;">Heng Ji<sup>2</sup></a>,
+  <a href="https://www.alanesuhr.com/" style="text-decoration: none;">Alane Suhr<sup>^,1</sup></a>,
+  <a href="https://dreasysnail.github.io/" style="text-decoration: none;">Yizhe Zhang<sup>^,4</sup></a>
+</p>
+
+<p align="center">
+  <sup>1</sup>UC Berkeley, <sup>2</sup>UIUC, <sup>3</sup>CMU, <sup>4</sup>Apple </br>
+  <sub><sup>*</sup>Equal contribution, <sup>^</sup>Equal supervision</sub>
+</p>
+
+<p align="center">
+<a href="https://arxiv.org/abs/2412.21139">📃 Paper</a>
+•
+<a href="https://huggingface.co/SWE-Gym" >🤗 Data & Models</a>
+</p>
+
+We present **SWE-Gym**, the first environment for training real-world software engineering agents.
+We use it to train strong LM agents that achieve state-of-the-art open results on SWE-Bench, with early, promising scaling characteristics as we increase training and inference-time compute.
+
+<p align="center">
+  <img src="https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/teaser.jpg?raw=true" width="100%" alt="teaser">
+</p>
+
+---
+# Run SWE-Gym with OpenHands
+
+The process of running SWE-Gym is very similar to how you'd run SWE-Bench evaluation.
+
+
+1. First, clone OpenHands repo `git clone https://github.com/All-Hands-AI/OpenHands.git`
+2. Then setup the repo following [Development.md](https://github.com/All-Hands-AI/OpenHands/blob/main/Development.md)
+3. Then you can simply serve your own model as an OpenAI compatible endpoint, put those info in config.toml. You can do this by following instruction [here](../../README.md#setup).
+4. And then simply do the following to sample for 16x parallelism:
+
+```bash
+export ALLHANDS_API_KEY=ah-yourkey  # You don't need to set this when running these in local docker container
+./evaluation/benchmarks/multi_swe_bench/scripts/rollout_swegym.sh llm.mymodel-temp05 'train-t05' 16
+```
+
+NOTE: SWE-Gym sampling with parallelism is currently only tested with AllHands RemoteRuntime (limited beta). Fill [this form](https://docs.google.com/forms/d/e/1FAIpQLSckVz_JFwg2_mOxNZjCtr7aoBFI2Mwdan3f75J_TrdMS1JV2g/viewform) to apply for access.
+
+
+5. When `rollout_swegym.sh` finishes, you will get a file called `output.with_completions.jsonl.gz`. Then you can use [`./scripts/swegym/convert_data.ipynb`](./scripts/swegym/convert_data.ipynb) to convert them into SFT data format.
+
+## Running the Jupyter Notebook
+
+To run the data conversion notebook, follow these steps:
+
+1. Navigate to the OpenHands repository root:
+```bash
+cd openhands_repo
+```
+
+2. Set the PYTHONPATH and start Jupyter notebook:
+```bash
+PYTHONPATH=$(pwd) jupyter notebook
+```
+
+3. In the Jupyter interface, navigate to `evaluation/benchmarks/swe_bench/scripts/swegym/convert_data.ipynb`
+
+4. Update the file paths in the notebook:
+   - Set `FILE_PATHS` to point to your `output.with_completions.jsonl.gz` files
+   - Set `YOUR_OUTPUT_FOLDER` to your desired output directory
+
+5. Run the notebook cells sequentially to process your data and generate the SFT training format.
+
+---
+# More info about SWE-Gym
+
+Progress in agents for software engineering has been limited by the lack of training environments that both include rigorous verification for reinforcement learning and cover the expansive tasks encountered in real-world repository-level engineering.
+
+We introduce SWE-Gym: An Open Environment for Training Software Engineering Agents & Verifiers.
+Our baselines achieve new open SOTA - 32%/26% on SWE-Bench Verified/Lite, with promising scaling trends.
+
+![SWE-Gym Scaling](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/scaling.jpg?raw=true)
+*SWE-Gym enables scalable improvements for software engineering agents at both training and inference time. Our current results is primarily bottlenecked by training and inference compute, rather than the size of our environment.*
+
+## SWE-Gym Environment
+
+We create SWE-Gym, the first environment for training SWE agents, with **2.4K real tasks from 11 Python repos** & a Lite split of 234 instances. SWE-Gym combines real-world Python tasks, repository context, executable environments, and test verification to train agents for solving software engineering problems.
+
+![SWE-Gym Repo Distribution](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/swe-gym.jpg?raw=true)
+
+
+## SWE-Gym trains LMs as agents
+
+When fine-tuned on less than 500 agent-environment interaction trajectories sampled from it from GPT-4o and Claude 3.5 Sonnet, we achieve **+14%** absolute gains on SWE-Bench Verified with an 32B LM-powered OpenHands agent.
+
+![OpenHands Performance diff before and after training](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/oh-agent.jpg?raw=true)
+
+
+## SWE-Gym enables self-improvement
+
+SWE-Gym is also effective across agent scaffolds. With rejection sampling fine-tuning and MoatlessTools scaffold, our 32B and 7B models achieve 20% and 10% respectively on SWE-Bench Lite through self-improvement.
+
+<p align="center">
+  <img src="https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/ml-agent.jpg?raw=true" width="80%" alt="Moatless self-improvement">
+</p>
+
+
+
+## SWE-Gym enables inference-time scaling
+
+SWE-Gym enables inference-time scaling through verifiers trained on agent trajectories.
+These verifiers identify most promising solutions via best-of-n selection, together with our learned agents, they achieve 32%/26% on SWE-Bench Verified/Lite, a new open SoTA.
+
+
+![Inference Time Scaling for Moatless Agent](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/inference-ml.jpg?raw=true)
+*Inference Time Scaling for Moatless Agent*
+
+![Inference Time Scaling for OpenHands Agent](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/inference-oh.jpg?raw=true)
+*Inference Time Scaling for OpenHands Agent*
+
+
+## Our baselines on SWE-Gym shows strong scaling trends
+
+Lastly, our ablations reveal strong scaling trends - performance is now bottlenecked by train and inference compute, rather than the size of our dataset. Pushing and improving these scaling trends further is an exciting direction for future work.
+
+![](https://github.com/SWE-Gym/SWE-Gym/blob/main/assets/images/scaling.jpg?raw=true)
+
+## Reproducing Results
+**The Dataset**
+
+To access SWE-Gym dataset, checkout our huggingface hub page [SWE-Gym](https://huggingface.co/SWE-Gym)
+
+The environment constants are currently saved at [SWE-Bench-Fork](https://github.com/SWE-Gym/SWE-Bench-Fork)
+
+We also have pre-built docker images for each instance under [xingyaoww/sweb.eval.x86_64](https://hub.docker.com/search?q=xingyaoww%2Fsweb.eval.x86_64.) prefix at docker hub.
+
+
+## 📚 Citation
+
+```bibtex
+@misc{pan2024trainingsoftwareengineeringagents,
+      title={Training Software Engineering Agents and Verifiers with SWE-Gym},
+      author={Jiayi Pan and Xingyao Wang and Graham Neubig and Navdeep Jaitly and Heng Ji and Alane Suhr and Yizhe Zhang},
+      year={2024},
+      eprint={2412.21139},
+      archivePrefix={arXiv},
+      primaryClass={cs.SE},
+      url={https://arxiv.org/abs/2412.21139},
+}
+```

evaluation/benchmarks/multi_swe_bench/run_infer.py

@@ -51,8 +51,8 @@ RUN_WITH_BROWSING = os.environ.get('RUN_WITH_BROWSING', 'false').lower() == 'tru
 
 # TODO: migrate all swe-bench docker to ghcr.io/openhands
 # TODO: 适应所有的语言
-DOCKER_IMAGE_PREFIX = os.environ.get('EVAL_DOCKER_IMAGE_PREFIX', '')
-LANGUAGE = os.environ.get('LANGUAGE', 'python')
+DOCKER_IMAGE_PREFIX = os.environ.get('EVAL_DOCKER_IMAGE_PREFIX', 'mswebench')
+LANGUAGE = os.environ.get('LANGUAGE', 'java')
 logger.info(f'Using docker image prefix: {DOCKER_IMAGE_PREFIX}')
 
 
@@ -305,31 +305,19 @@ def get_instance_docker_image(instance: pd.Series):
         instance_id = instance.get('instance_id', '')
         tag_suffix = instance_id.split('-')[-1] if instance_id else ''
         container_tag = f'pr-{tag_suffix}'
-        # pdb.set_trace()
-        return f'mswebench/{container_name}:{container_tag}'
-        # return "kong/insomnia:pr-8284"
-        # return "'sweb.eval.x86_64.local_insomnia"
-        # return "local_insomnia_why"
-        # return "local/kong-insomnia:pr-8117"
+        return f'{DOCKER_IMAGE_PREFIX}/{container_name}:{container_tag}'
 
 
 def get_config(
     instance: pd.Series,
     metadata: EvalMetadata,
 ) -> OpenHandsConfig:
-    SWE_BENCH_CONTAINER_IMAGE = 'ghcr.io/opendevin/eval-swe-bench:full-v1.2.1'
-    if USE_INSTANCE_IMAGE:
-        # We use a different instance image for the each instance of swe-bench eval
-        # base_container_image = get_instance_docker_image(instance['instance_id'])
-        base_container_image = get_instance_docker_image(instance)
-        logger.info(
-            f'Using instance container image: {base_container_image}. '
-            f'Please make sure this image exists. '
-            f'Submit an issue on https://github.com/All-Hands-AI/OpenHands if you run into any issues.'
-        )
-    else:
-        base_container_image = SWE_BENCH_CONTAINER_IMAGE
-        logger.info(f'Using swe-bench container image: {base_container_image}')
+    base_container_image = get_instance_docker_image(instance)
+    logger.info(
+        f'Using instance container image: {base_container_image}. '
+        f'Please make sure this image exists. '
+        f'Submit an issue on https://github.com/All-Hands-AI/OpenHands if you run into any issues.'
+    )
 
     sandbox_config = get_default_sandbox_config_for_eval()
     sandbox_config.base_container_image = base_container_image
@@ -772,7 +760,6 @@ if __name__ == '__main__':
     parser.add_argument(
         '--dataset',
         type=str,
-        default='princeton-nlp/SWE-bench',
         help='data set to evaluate on, either full-test or lite-test',
     )
     parser.add_argument(
@@ -787,6 +774,7 @@ if __name__ == '__main__':
     # so we don't need to manage file uploading to OpenHands's repo
     # dataset = load_dataset(args.dataset, split=args.split)
     # dataset = load_dataset(args.dataset)
+    logger.info(f'Loading dataset {args.dataset} with split {args.split} ')
     dataset = load_dataset('json', data_files=args.dataset)
     dataset = dataset[args.split]
     swe_bench_tests = filter_dataset(dataset.to_pandas(), 'instance_id')
@@ -839,7 +827,7 @@ if __name__ == '__main__':
         args.eval_num_workers,
         process_instance,
         timeout_seconds=120 * 60,  # 2 hour PER instance should be more than enough
-        max_retries=5,
+        max_retries=3,
     )
     # Check if any instances reached maximum retries
     check_maximum_retries_exceeded(metadata.eval_output_dir)

evaluation/benchmarks/multi_swe_bench/scripts/data/data_change.py

@@ -1,37 +1,54 @@
+import argparse
 import json
 
-input_file = 'XXX.jsonl'
-output_file = 'YYY.jsonl'
 
-with (
-    open(input_file, 'r', encoding='utf-8') as fin,
-    open(output_file, 'w', encoding='utf-8') as fout,
-):
-    for line in fin:
-        line = line.strip()
-        if not line:
-            continue
+def main(input_file, output_file):
+    with (
+        open(input_file, 'r', encoding='utf-8') as fin,
+        open(output_file, 'w', encoding='utf-8') as fout,
+    ):
+        for line in fin:
+            line = line.strip()
+            if not line:
+                continue
 
-        data = json.loads(line)
-        item = data
+            data = json.loads(line)
+            item = data
 
-        # 提取原始数据
-        org = item.get('org', '')
-        repo = item.get('repo', '')
-        number = str(item.get('number', ''))
+            # Skip instances that don't have resolved_issues or have empty resolved_issues
+            if not item.get('resolved_issues') or len(item['resolved_issues']) == 0:
+                print(
+                    f'Skipping instance {item.get("org", "")}/{item.get("repo", "")}-{item.get("number", "")} - no resolved_issues'
+                )
+                continue
 
-        new_item = {}
-        new_item['repo'] = f'{org}/{repo}'
-        new_item['instance_id'] = f'{org}__{repo}-{number}'
-        new_item['problem_statement'] = (
-            item['resolved_issues'][0].get('title', '')
-            + '\n'
-            + item['resolved_issues'][0].get('body', '')
-        )
-        new_item['FAIL_TO_PASS'] = []
-        new_item['PASS_TO_PASS'] = []
-        new_item['base_commit'] = item['base'].get('sha', '')
-        new_item['version'] = '0.1'  # depends
+            # 提取原始数据
+            org = item.get('org', '')
+            repo = item.get('repo', '')
+            number = str(item.get('number', ''))
 
-        output_data = new_item
-        fout.write(json.dumps(output_data, ensure_ascii=False) + '\n')
+            new_item = {}
+            new_item['repo'] = f'{org}/{repo}'
+            new_item['instance_id'] = f'{org}__{repo}-{number}'
+
+            # Get the first resolved issue
+            resolved_issue = item['resolved_issues'][0]
+            title = resolved_issue.get('title') or ''
+            body = resolved_issue.get('body') or ''
+
+            new_item['problem_statement'] = title + '\n' + body
+            new_item['FAIL_TO_PASS'] = []
+            new_item['PASS_TO_PASS'] = []
+            new_item['base_commit'] = item['base'].get('sha', '')
+            new_item['version'] = '0.1'  # depends
+
+            output_data = new_item
+            fout.write(json.dumps(output_data, ensure_ascii=False) + '\n')
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--input', required=True, help='Input .jsonl file path')
+    parser.add_argument('--output', required=True, help='Output .jsonl file path')
+    args = parser.parse_args()
+    main(args.input, args.output)

evaluation/benchmarks/multi_swe_bench/scripts/eval/combine_final_completions.py

@@ -0,0 +1,69 @@
+import argparse
+import gzip
+import json
+import os
+from glob import glob
+
+from tqdm import tqdm
+
+tqdm.pandas()
+
+
+# Load trajectories for resolved instances
+def load_completions(output_dir: str, instance_id: str):
+    glob_path = os.path.join(output_dir, 'llm_completions', instance_id, '*.json')
+    files = sorted(glob(glob_path))  # this is ascending order
+    # pick the last file (last turn)
+    try:
+        file_path = files[-1]
+    except IndexError:
+        # print(f'No files found for instance {instance_id}: files={files}')
+        return None
+    with open(file_path, 'r') as f:
+        result = json.load(f)
+    # create messages
+    messages = result['messages']
+    messages.append(result['response']['choices'][0]['message'])
+    tools = result['kwargs'].get('tools', [])
+    return {
+        'messages': messages,
+        'tools': tools,
+    }
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('jsonl_path', type=str)
+args = parser.parse_args()
+
+output_dir = os.path.dirname(args.jsonl_path)
+output_path = os.path.join(output_dir, 'output.with_completions.jsonl.gz')
+
+# Check if output would be different from input
+needs_update = False
+with open(args.jsonl_path, 'r') as f_in:
+    for line in tqdm(f_in, desc='Checking for changes'):
+        data = json.loads(line)
+        new_completions = load_completions(output_dir, data['instance_id'])
+        current_completions = data.get('raw_completions')
+        if current_completions != new_completions:
+            needs_update = True
+            break
+
+if not needs_update:
+    print('No updates required. Skipping file update.')
+    exit(0)
+
+if os.path.exists(output_path):
+    print(f'Output file already exists at {output_path}, overwriting? (y/n)')
+    if input() != 'y':
+        print('Exiting...')
+        exit(0)
+
+# Process line by line
+with open(args.jsonl_path, 'r') as f_in, gzip.open(output_path, 'wt') as f_out:
+    for line in tqdm(f_in):
+        data = json.loads(line)
+        data['raw_completions'] = load_completions(output_dir, data['instance_id'])
+        f_out.write(json.dumps(data) + '\n')
+
+print(f'Saved compressed output to {output_path}')

evaluation/benchmarks/multi_swe_bench/scripts/eval/convert.py

@@ -1,13 +1,11 @@
+import argparse
 import json
 import re
 
-IN_FILE = 'output.jsonl'
-OUT_FILE = 'patch.jsonl'
 
-
-def main():
-    with open(IN_FILE, 'r') as fin:
-        with open(OUT_FILE, 'w') as fout:
+def main(input_file, output_file):
+    with open(input_file, 'r') as fin:
+        with open(output_file, 'w') as fout:
             for line in fin:
                 data = json.loads(line)
                 groups = re.match(r'(.*)__(.*)-(.*)', data['instance_id'])
@@ -15,10 +13,14 @@ def main():
                     'org': groups.group(1),
                     'repo': groups.group(2),
                     'number': groups.group(3),
-                    'fix_patch': data['test_result']['git_patch'],
+                    'fix_patch': data.get('test_result', {}).get('git_patch', '') or '',
                 }
                 fout.write(json.dumps(patch) + '\n')
 
 
 if __name__ == '__main__':
-    main()
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--input', required=True, help='Input .jsonl file path')
+    parser.add_argument('--output', required=True, help='Output .jsonl file path')
+    args = parser.parse_args()
+    main(args.input, args.output)

evaluation/benchmarks/multi_swe_bench/scripts/eval/update_multi_swe_bench_config.py

@@ -0,0 +1,70 @@
+import argparse
+import json
+import os
+import subprocess
+
+
+def update_multi_swe_config(output_jsonl_path, config_path, dataset):
+    path_to_parent = os.path.dirname(os.path.abspath(output_jsonl_path))
+    converted_path = os.path.join(path_to_parent, 'output_converted.jsonl')
+
+    # Run the conversion script
+    subprocess.run(
+        [
+            'python3',
+            './evaluation/benchmarks/multi_swe_bench/scripts/eval/convert.py',
+            '--input',
+            output_jsonl_path,
+            '--output',
+            converted_path,
+        ],
+        check=True,
+    )
+
+    # Create required directories
+    os.makedirs(os.path.join(path_to_parent, 'eval_files', 'dataset'), exist_ok=True)
+    os.makedirs(os.path.join(path_to_parent, 'eval_files', 'workdir'), exist_ok=True)
+    os.makedirs(os.path.join(path_to_parent, 'eval_files', 'repos'), exist_ok=True)
+    os.makedirs(os.path.join(path_to_parent, 'eval_files', 'logs'), exist_ok=True)
+
+    # Prepare config dict
+    config = {
+        'mode': 'evaluation',
+        'workdir': os.path.join(path_to_parent, 'eval_files', 'workdir'),
+        'patch_files': [converted_path],
+        'dataset_files': [dataset],
+        'force_build': True,
+        'output_dir': os.path.join(path_to_parent, 'eval_files', 'dataset'),
+        'specifics': [],
+        'skips': [],
+        'repo_dir': os.path.join(path_to_parent, 'eval_files', 'repos'),
+        'need_clone': True,
+        'global_env': [],
+        'clear_env': True,
+        'stop_on_error': False,
+        'max_workers': 5,
+        'max_workers_build_image': 5,
+        'max_workers_run_instance': 5,
+        'log_dir': os.path.join(path_to_parent, 'eval_files', 'logs'),
+        'log_level': 'DEBUG',
+        'fix_patch_run_cmd': (
+            'bash -c "apt update ; apt install -y patch ; '
+            "sed -i 's@git apply.*@patch --batch --fuzz=5 -p1 -i /home/test.patch;"
+            'patch --batch --fuzz=5 -p1 -i /home/fix.patch@g\' /home/fix-run.sh ; chmod +x /home/*.sh  ; /home/fix-run.sh"'
+        ),
+    }
+
+    # Save to multibench.config
+    os.makedirs(os.path.dirname(config_path), exist_ok=True)
+    with open(config_path, 'w') as f:
+        json.dump(config, f, indent=4)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--input', required=True, help='Path to input file')
+    parser.add_argument('--output', required=True, help='Path to create config')
+    parser.add_argument('--dataset', required=True, help='Path to dataset')
+    args = parser.parse_args()
+
+    update_multi_swe_config(args.input, args.output, args.dataset)

evaluation/benchmarks/multi_swe_bench/scripts/eval/update_output_with_eval.py

@@ -0,0 +1,176 @@
+import argparse
+import json
+import os
+from collections import defaultdict
+
+from tqdm import tqdm
+
+parser = argparse.ArgumentParser()
+parser.add_argument('input_file', type=str)
+parser.add_argument(
+    '--force',
+    action='store_true',
+    help='Force update all reports even if no changes are detected',
+)
+parser.add_argument(
+    '--overwrite-backup',
+    action='store_true',
+    help='Automatically overwrite existing backup files without prompting',
+)
+args = parser.parse_args()
+
+dirname = os.path.dirname(args.input_file)
+
+# Initialize counters and data structures
+instance_id_to_status = defaultdict(
+    lambda: {
+        'empty_generation': False,
+        'resolved': False,
+        'failed_apply_patch': False,
+        'error_eval': False,
+        'test_timeout': False,
+    }
+)
+
+# Process official report if it exists
+swebench_official_report_json = os.path.join(
+    dirname, 'eval_files/dataset/final_report.json'
+)
+openhands_remote_report_jsonl = args.input_file.replace(
+    '.jsonl', '.swebench_eval.jsonl'
+)
+
+if os.path.exists(swebench_official_report_json):
+    output_md_filepath = os.path.join(dirname, 'README.md')
+    with open(swebench_official_report_json, 'r') as f:
+        report = json.load(f)
+
+    # Convert instance IDs from "repo/name:pr-123" format to "repo__name-123" format
+    def convert_instance_id(instance_id):
+        """Convert instance ID from slash/colon-pr format to double underscore/dash format."""
+        if '/' in instance_id and ':pr-' in instance_id:
+            # Split on '/' and ':pr-'
+            parts = instance_id.split('/')
+            if len(parts) == 2:
+                repo_part = parts[0]
+                name_and_pr = parts[1]
+                if ':pr-' in name_and_pr:
+                    name, pr_number = name_and_pr.split(':pr-')
+                    return f'{repo_part}__{name}-{pr_number}'
+        return instance_id
+
+    # Convert all instance ID lists in the report
+    for key in [
+        'resolved_ids',
+        'unresolved_ids',
+        'error_ids',
+        'empty_patch_ids',
+        'incomplete_ids',
+    ]:
+        if key in report:
+            report[key] = [
+                convert_instance_id(instance_id) for instance_id in report[key]
+            ]
+
+    output_md = (
+        '# Multi-SWE-bench Report\n'
+        'This folder contains the evaluation results of the SWE-bench using the [official evaluation docker containerization](https://github.com/princeton-nlp/SWE-bench/blob/main/docs/20240627_docker/README.md#choosing-the-right-cache_level).\n\n'
+        '## Summary\n'
+        f'- total instances: {report["total_instances"]}\n'
+        f'- submitted instances: {report["submitted_instances"]}\n'
+        f'- completed instances: {report["completed_instances"]}\n'
+        f'- empty patch instances: {report["empty_patch_instances"]}\n'
+        f'- resolved instances: {report["resolved_instances"]}\n'
+        f'- unresolved instances: {report["unresolved_instances"]}\n'
+        f'- error instances: {report["error_instances"]}\n'
+    )
+
+    output_md += '\n## Resolved Instances\n'
+    # instance_id to status
+    for instance_id in report['resolved_ids']:
+        instance_id_to_status[instance_id]['resolved'] = True
+        output_md += (
+            f'- [{instance_id}](./eval_outputs/{instance_id}/run_instance.log)\n'
+        )
+
+    output_md += '\n## Unresolved Instances\n'
+    for instance_id in report['unresolved_ids']:
+        output_md += (
+            f'- [{instance_id}](./eval_outputs/{instance_id}/run_instance.log)\n'
+        )
+
+    output_md += '\n## Error Instances\n'
+    for instance_id in report['error_ids']:
+        instance_id_to_status[instance_id]['error_eval'] = True
+        output_md += (
+            f'- [{instance_id}](./eval_outputs/{instance_id}/run_instance.log)\n'
+        )
+
+    output_md += '\n## Empty Patch Instances\n'
+    for instance_id in report['empty_patch_ids']:
+        instance_id_to_status[instance_id]['empty_generation'] = True
+        output_md += (
+            f'- [{instance_id}](./eval_outputs/{instance_id}/run_instance.log)\n'
+        )
+
+    output_md += '\n## Incomplete Instances\n'
+    for instance_id in report['incomplete_ids']:
+        output_md += (
+            f'- [{instance_id}](./eval_outputs/{instance_id}/run_instance.log)\n'
+        )
+
+    with open(output_md_filepath, 'w') as f:
+        f.write(output_md)
+
+else:
+    print(
+        f'No report file found: Both {swebench_official_report_json} and {openhands_remote_report_jsonl} do not exist.'
+    )
+    exit()
+
+# Before backup and update, check if any changes would be made (unless --force is used)
+if not args.force:
+    needs_update = False
+    with open(args.input_file, 'r') as infile:
+        for line in tqdm(infile, desc='Checking for changes'):
+            data = json.loads(line)
+            instance_id = data['instance_id']
+            current_report = data.get('report', {})
+            new_report = instance_id_to_status[
+                instance_id
+            ]  # if no report, it's not resolved
+            if current_report != new_report:
+                needs_update = True
+                break
+
+    if not needs_update:
+        print('No updates detected. Skipping file update.')
+        exit()
+else:
+    print('Force flag enabled. Updating all reports regardless of changes.')
+
+# Backup and update the original file row by row
+if os.path.exists(args.input_file + '.bak'):
+    if args.overwrite_backup:
+        print(
+            'Existing backup file found. Overwriting automatically due to --overwrite-backup flag.'
+        )
+        os.remove(args.input_file + '.bak')
+    else:
+        conf = input('Existing backup file found. Do you want to overwrite it? (y/n)')
+        if conf != 'y':
+            exit()
+        os.remove(args.input_file + '.bak')
+
+os.rename(args.input_file, args.input_file + '.bak')
+
+# Process and write file row by row
+with (
+    open(args.input_file + '.bak', 'r') as infile,
+    open(args.input_file, 'w') as outfile,
+):
+    for line in tqdm(infile, desc='Updating output file'):
+        data = json.loads(line)
+        instance_id = data['instance_id']
+        data['report'] = instance_id_to_status[instance_id]
+        outfile.write(json.dumps(data) + '\n')

evaluation/benchmarks/multi_swe_bench/scripts/rollout_multi_swegym.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+
+# NOTE: this script is for rolling out the Multi-SWE-Gym dataset for **TRAINING**
+# For more information, please refer to
+# 1. the Github Repo: https://github.com/SWE-Gym/SWE-Gym
+# 2. the paper: https://arxiv.org/abs/2412.21139
+
+MODEL=$1  # eg your llm config name in config.toml (eg: "llm.claude-3-5-sonnet-20241022-t05")
+EXP_NAME=$2 # "train-t05"
+EVAL_DATASET=$3  # path to original dataset (jsonl file)
+N_WORKERS=${4:-64}
+N_RUNS=${5:-1}
+
+export EXP_NAME=$EXP_NAME
+# use 2x resources for rollout since some codebases are pretty resource-intensive
+export DEFAULT_RUNTIME_RESOURCE_FACTOR=2
+echo "MODEL: $MODEL"
+echo "EXP_NAME: $EXP_NAME"
+echo "EVAL_DATASET: $EVAL_DATASET"
+# Generate DATASET path by adding _with_runtime_ before .jsonl extension
+DATASET="${EVAL_DATASET%.jsonl}_with_runtime_.jsonl"  # path to converted dataset
+
+# Create the converted dataset file
+echo "Creating converted dataset at: $DATASET"
+poetry run python ./evaluation/benchmarks/multi_swe_bench/scripts/data/data_change.py --input "$EVAL_DATASET" --output "$DATASET"
+
+SPLIT="train"
+export LANGUAGE=java
+
+if [ -z "$ALLHANDS_API_KEY" ] || [ "$RUNTIME" != "remote" ]; then
+    echo "ALLHANDS_API_KEY is not set or RUNTIME is not set to remote. Will rollout and evaluate locally using Docker. WARNING: A large value of N_WORKERS will result in a large number of Docker containers being spun up and may crash your machine."
+    export RUNTIME=docker
+else
+    echo "ALLHANDS_API_KEY is set and RUNTIME is set to remote. Continuing rollout and evaluation with remote runtime..."
+    export SANDBOX_REMOTE_RUNTIME_API_URL="https://runtime.eval.all-hands.dev"
+fi
+
+#EVAL_LIMIT=3000
+MAX_ITER=100
+
+
+# ===== Run inference =====
+source "evaluation/utils/version_control.sh"
+get_openhands_version
+
+echo "OPENHANDS_VERSION: $OPENHANDS_VERSION"
+echo "MODEL_CONFIG: $MODEL_CONFIG"
+echo "DATASET: $DATASET"
+echo "EVAL_DOCKER_IMAGE_PREFIX: $EVAL_DOCKER_IMAGE_PREFIX"
+
+# Default to NOT use Hint
+export USE_INSTANCE_IMAGE=true
+export USE_HINT_TEXT=false
+export RUN_WITH_BROWSING=false
+echo "USE_HINT_TEXT: $USE_HINT_TEXT"
+EVAL_NOTE="$OPENHANDS_VERSION-no-hint-$EXP_NAME"
+
+function run_eval() {
+  local eval_note=$1
+  export LANGUAGE=java
+  echo "About to run command"
+  COMMAND="EVAL_DOCKER_IMAGE_PREFIX=$EVAL_DOCKER_IMAGE_PREFIX; LANGUAGE=java;
+    poetry run python evaluation/benchmarks/multi_swe_bench/run_infer.py \
+    --agent-cls CodeActAgent \
+    --llm-config $MODEL \
+    --max-iterations $MAX_ITER \
+    --eval-num-workers $N_WORKERS \
+    --eval-note $eval_note \
+    --dataset $DATASET \
+    --split $SPLIT"
+
+  echo "Running command: $COMMAND"
+  if [ -n "$EVAL_LIMIT" ]; then
+    echo "EVAL_LIMIT: $EVAL_LIMIT"
+    COMMAND="$COMMAND --eval-n-limit $EVAL_LIMIT"
+  fi
+
+  # Run the command
+  eval $COMMAND
+}
+
+for run_idx in $(seq 1 $N_RUNS); do
+
+    while true; do
+        echo "### Running inference... ###"
+        unset SANDBOX_ENV_GITHUB_TOKEN # prevent the agent from using the github token to push
+        current_eval_note="$EVAL_NOTE-run_$run_idx"
+        echo "EVAL_NOTE: $current_eval_note"
+        echo "DATASET command: $DATASET"
+        #INFER_OUTPUT=$(run_eval $current_eval_note)
+        INFER_OUTPUT=$(run_eval $current_eval_note | tee /dev/stderr)
+        INFER_STATUS=$?  # Capture the exit status of run_infer.sh
+        echo "INFER_STATUS: $INFER_STATUS"
+
+        echo "### Cleaning up remote runtime... ###"
+        ./evaluation/utils/scripts/cleanup_remote_runtime.sh
+
+        if [ $INFER_STATUS -eq 0 ]; then
+            echo "### Inference completed successfully. ###"
+            break
+        else
+            echo "### Inference failed with exit code $INFER_STATUS. Retrying... ###"
+        fi
+    done
+
+    # Extract the output directory using the special delimiters
+    OUTPUT_FILE=$(echo "$INFER_OUTPUT" | grep -o '### OUTPUT FILE:.* ###' | sed 's/### OUTPUT FILE: \(.*\) ###/\1/')
+    echo "Got OUTPUT_FILE: $OUTPUT_FILE"
+
+    while true; do
+        echo "### Evaluating on $OUTPUT_FILE ... ###"
+        OUTPUT_CONFIG_FILE="${OUTPUT_FILE%.jsonl}_config.json"
+        export EVAL_SKIP_BUILD_ERRORS=true
+        pip install multi-swe-bench --quiet --disable-pip-version-check > /dev/null 2>&1
+        COMMAND="poetry run python ./evaluation/benchmarks/multi_swe_bench/scripts/eval/update_multi_swe_bench_config.py --input $OUTPUT_FILE --output $OUTPUT_CONFIG_FILE --dataset $EVAL_DATASET;
+        python -m multi_swe_bench.harness.run_evaluation --config $OUTPUT_CONFIG_FILE
+        "
+
+        if [ -n "$EVAL_LIMIT" ]; then
+        echo "EVAL_LIMIT: $EVAL_LIMIT"
+        COMMAND="$COMMAND --eval-n-limit $EVAL_LIMIT"
+        fi
+        echo "Running command: $COMMAND"
+        # Run the command
+        eval $COMMAND
+        EVAL_STATUS=$?
+        if [ $EVAL_STATUS -eq 0 ]; then
+            echo "### Evaluation completed successfully. ###"
+            break
+        else
+            echo "### Evaluation failed with exit code $EVAL_STATUS. Retrying... ###"
+        fi
+
+        ./evaluation/utils/scripts/cleanup_remote_runtime.sh
+    done
+
+    # update the output with evaluation results
+    echo "### Updating the output with evaluation results... ###"
+    poetry run python evaluation/benchmarks/multi_swe_bench/scripts/eval/update_output_with_eval.py $OUTPUT_FILE
+
+    echo "### Combining the final completions... ###"
+    poetry run python evaluation/benchmarks/multi_swe_bench/scripts/eval/combine_final_completions.py $OUTPUT_FILE
+
+    echo "### DONE for run $run_idx! ###"
+    echo "You can find the final output at $(dirname $OUTPUT_FILE)/$FINAL_OUTPUT_FILE"
+done

evaluation/benchmarks/multi_swe_bench/scripts/run_infer.sh

@@ -47,8 +47,8 @@ if [ -z "$DATASET" ]; then
 fi
 
 if [ -z "$LANGUAGE" ]; then
-  echo "LANUGUAGE not specified, use default python"
-  LANGUAGE="python"
+  echo "LANGUAGE not specified, use default python"
+  LANGUAGE="java"
 fi
 
 if [ -z "$SPLIT" ]; then
@@ -69,10 +69,10 @@ fi
 
 if [ -z "$EVAL_DOCKER_IMAGE_PREFIX" ]; then
   if [ "$LANGUAGE" = "python" ]; then
-  echo "EVAL_DOCKER_IMAGE_PREFIX is docker.io/xingyaoww/ as default as LANUGUAGE is python"
+  echo "EVAL_DOCKER_IMAGE_PREFIX is docker.io/xingyaoww/ as default as LANGUAGE is python"
     EVAL_DOCKER_IMAGE_PREFIX="docker.io/xingyaoww/"
   elif [ "$LANGUAGE" = "java" ]; then
-  echo "EVAL_DOCKER_IMAGE_PREFIX is java_verified as LANUGUAGE is java"
+  echo "EVAL_DOCKER_IMAGE_PREFIX is empty as LANGUAGE is java"
     EVAL_DOCKER_IMAGE_PREFIX=""
   fi
 fi

evaluation/benchmarks/multi_swe_bench/scripts/swegym/convert_data.ipynb

@@ -0,0 +1,344 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import os\n",
+    "\n",
+    "import pandas as pd\n",
+    "from tqdm import tqdm\n",
+    "\n",
+    "tqdm.pandas()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# 1. Load raw data and convert to training data"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import gzip\n",
+    "import json\n",
+    "\n",
+    "from tqdm import tqdm\n",
+    "\n",
+    "FILE_PATHS = [\n",
+    "    'YOURPATH-no-hint-train-t05-run_1/output.with_completions.jsonl.gz',\n",
+    "    'YOURPATH-no-hint-train-t05-run_2/output.with_completions.jsonl.gz',\n",
+    "]\n",
+    "\n",
+    "# More memory efficient for large files\n",
+    "# Initialize lists to store the data\n",
+    "data = []\n",
+    "\n",
+    "\n",
+    "# Read file line by line\n",
+    "for FILE_PATH in FILE_PATHS:\n",
+    "    with gzip.open(FILE_PATH, 'rb') as f:  # Use 'rb' for gzipped files\n",
+    "        for i, line in tqdm(\n",
+    "            enumerate(f), desc=f'Processing {FILE_PATH.split(\"/\")[-1]}'\n",
+    "        ):\n",
+    "            # Parse only the fields we need\n",
+    "            raw_data = json.loads(line)\n",
+    "            data.append(\n",
+    "                {\n",
+    "                    'resolved': raw_data['report']['resolved'],\n",
+    "                    'messages': raw_data['raw_completions']['messages']\n",
+    "                    if raw_data['raw_completions'] is not None\n",
+    "                    else None,\n",
+    "                    'git_patch': raw_data['test_result'].get('git_patch', ''),\n",
+    "                    'tools': raw_data['raw_completions']['tools']\n",
+    "                    if raw_data['raw_completions'] is not None\n",
+    "                    and 'tools' in raw_data['raw_completions']\n",
+    "                    else None,\n",
+    "                }\n",
+    "            )\n",
+    "\n",
+    "# Convert to DataFrame after collecting all data\n",
+    "df = pd.DataFrame(data)\n",
+    "print(f'#total amount of data={len(df)}')\n",
+    "df = df[~df['messages'].isna()]\n",
+    "print(f'#total amount of data after removing nan={len(df)}')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Filter"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "def _contains_multiple_tool_calls(messages: list[dict]) -> bool:\n",
+    "    return any(\n",
+    "        message.get('tool_calls') and len(message['tool_calls']) > 1\n",
+    "        for message in messages\n",
+    "    )\n",
+    "\n",
+    "\n",
+    "df['contains_multiple_tool_calls'] = df['messages'].apply(_contains_multiple_tool_calls)\n",
+    "display(df.groupby(['contains_multiple_tool_calls'])['resolved'].sum())"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [],
+   "source": [
+    "import copy\n",
+    "\n",
+    "# Convert function calling messages to non-function calling messages\n",
+    "from openhands.llm.fn_call_converter import (\n",
+    "    FunctionCallConversionError,\n",
+    "    convert_fncall_messages_to_non_fncall_messages,\n",
+    "    convert_from_multiple_tool_calls_to_single_tool_call_messages,\n",
+    ")\n",
+    "\n",
+    "total_failed = 0\n",
+    "\n",
+    "\n",
+    "def _convert_messages(messages: list[dict], tools: list[dict]) -> list[dict]:\n",
+    "    global total_failed\n",
+    "    message_copy = copy.deepcopy(messages)\n",
+    "    for message in message_copy:\n",
+    "        if message['content'] is None:\n",
+    "            message['content'] = ''\n",
+    "    try:\n",
+    "        return convert_fncall_messages_to_non_fncall_messages(\n",
+    "            message_copy, tools, add_in_context_learning_example=False\n",
+    "        )\n",
+    "    except FunctionCallConversionError:\n",
+    "        total_failed += 1\n",
+    "        # print(f'Failed to convert messages: {messages}\\nTools: {tools}')\n",
+    "        # traceback.print_exc()\n",
+    "        return None\n",
+    "\n",
+    "\n",
+    "df['converted_messages'] = df.apply(\n",
+    "    lambda row: convert_from_multiple_tool_calls_to_single_tool_call_messages(\n",
+    "        row['messages'], ignore_final_tool_result=True\n",
+    "    ),\n",
+    "    axis=1,\n",
+    ")\n",
+    "df['nonfncall_messages'] = df.apply(\n",
+    "    lambda row: _convert_messages(row['converted_messages'], row['tools']), axis=1\n",
+    ")\n",
+    "print('total nan', df['nonfncall_messages'].isna().sum())\n",
+    "df = df[~df['nonfncall_messages'].isna()]\n",
+    "print(df['nonfncall_messages'].iloc[0])\n",
+    "\n",
+    "print(f'Total failed: {total_failed}')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Tokenization"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pandarallel import pandarallel\n",
+    "from transformers import AutoTokenizer\n",
+    "\n",
+    "os.environ['TOKENIZERS_PARALLELISM'] = 'false'\n",
+    "pandarallel.initialize(progress_bar=True, verbose=1, nb_workers=16)\n",
+    "tokenizer = AutoTokenizer.from_pretrained('Qwen/Qwen2.5-7B-Instruct')\n",
+    "\n",
+    "\n",
+    "def clean_messages(messages):\n",
+    "    clean = []\n",
+    "    for msg in messages:\n",
+    "        if not isinstance(msg, dict):\n",
+    "            continue\n",
+    "        role = msg.get('role')\n",
+    "        content = msg.get('content')\n",
+    "        if isinstance(content, str):\n",
+    "            text = content\n",
+    "        elif isinstance(content, dict):\n",
+    "            text = content.get('text')\n",
+    "        elif (\n",
+    "            isinstance(content, list)\n",
+    "            and len(content) == 1\n",
+    "            and isinstance(content[0], dict)\n",
+    "        ):\n",
+    "            text = content[0].get('text')\n",
+    "        else:\n",
+    "            print(f'Format not accepted {content}')\n",
+    "        clean.append({'role': role, 'content': text})\n",
+    "    return clean\n",
+    "\n",
+    "\n",
+    "# Step 1: Clean the messages\n",
+    "df['nonfncall_messages'] = df['nonfncall_messages'].apply(clean_messages)\n",
+    "\n",
+    "# Step 2: Compute token count\n",
+    "df['n_tokens'] = df['nonfncall_messages'].parallel_apply(\n",
+    "    lambda x: len(tokenizer.apply_chat_template(x))\n",
+    ")\n",
+    "\n",
+    "# print(df['nonfncall_messages'])"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(f'BEFORE: #total={len(df)}')\n",
+    "df_selected = df[df['n_tokens'] < 131072]\n",
+    "print(f'AFTER(truncated to 128k): #total={len(df_selected)}')"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "df_selected['n_tokens'].describe()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# ecdf of n_tokens\n",
+    "import matplotlib.pyplot as plt\n",
+    "import seaborn as sns\n",
+    "\n",
+    "display(df.groupby(['resolved'])['n_tokens'].describe())\n",
+    "sns.ecdfplot(x='n_tokens', data=df, hue='resolved')\n",
+    "plt.show()\n",
+    "\n",
+    "print(f'#total={len(df)}')\n",
+    "df_selected = df[df['n_tokens'] < 131072]\n",
+    "print(f'#selected={len(df_selected)}')\n",
+    "display(df_selected.groupby(['resolved'])['n_tokens'].describe())\n",
+    "sns.ecdfplot(x='n_tokens', data=df_selected, hue='resolved')\n",
+    "plt.show()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "df_selected[~df_selected['resolved']]['n_tokens'].describe()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "df_selected['resolved'].value_counts()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "df_selected.groupby(['resolved'])['n_tokens'].describe()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Save Resolved Messages for SFT"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Flatten messages and change format to {\"content\": \"\", \"role\": \"\"}\n",
+    "df_selected[df_selected['resolved']][['nonfncall_messages']].rename(\n",
+    "    columns={'nonfncall_messages': 'messages'}\n",
+    ").to_json(\n",
+    "    os.path.join(\n",
+    "        'PATH_TO_FILE',\n",
+    "        f'policy_traj_128k_swegym_{df_selected[\"resolved\"].value_counts()[True]}i.jsonl',\n",
+    "    ),\n",
+    "    lines=True,\n",
+    "    orient='records',\n",
+    ")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.12.11"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}